What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: The agreement engages GDPR and UK GDPR through its Data Processing Addendum, which customers must execute separately to establish the Article 28 controller-processor relationship required for lawful personal data processing on AWS infrastructure. CCPA/CPRA applicability depends on whether AWS is characterized as a service provider or third party under California law, which in turn depends on the specific data flows and contractual restrictions in place. For customers in re…

How does AWS's AWS Customer Agreement affect users?

The agreement holds customers financially responsible for all usage charges incurred under their account credentials, including unauthorized usage, which creates meaningful financial exposure if account security is compromised. AWS's liability to customers is contractually capped at fees paid in the prior twelve months, meaning customers bear the risk of losses exceeding that amount from service failures or data incidents. You can reduce exposure by enabling multi-factor authentication, setting…

How often is AWS's AWS Customer Agreement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when AWS updates this document?

Yes. Watcher subscribers ($9.99/month) can add AWS to their watchlist and receive same-day email alerts whenever this document or any other AWS document changes.

CA-D-000674

AWS Customer Agreement

AWS

Last change detected May 5, 2026 Terms of service

SHA-256: ea1130f92464eaab92f… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at AWS ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

4 High severity

6 Medium severity

0 Low severity

Summary

This is the main legal contract between you and Amazon Web Services that governs your use of AWS cloud services such as servers, storage, databases, and AI tools. The most important thing to know is that your financial liability for your AWS account is uncapped upward: if someone gains access to your account and runs up charges, you are responsible for paying them, and AWS's own liability to you is capped at the fees you paid in the prior twelve months. If you store sensitive data on AWS, review the Data Processing Addendum and relevant service-specific terms to understand your data protection obligations before deploying workloads.

Technical / Legal Breakdown

The AWS Customer Agreement governs the relationship between Amazon Web Services and its customers, establishing the contractual basis under which AWS provides cloud computing services including compute, storage, networking, AI, and related offerings. The agreement states that customers are responsible for all activity occurring under their accounts, that AWS may modify service pricing and terms with notice, and that customers retain ownership of their content while granting AWS a license to use that content solely to provide the services. Notable provisions include a limitation of liability capping AWS's aggregate liability at the fees paid by the customer in the twelve months preceding the claim, a broad indemnification obligation requiring customers to defend AWS against third-party claims arising from customer content or use of the services, and the right of AWS to suspend services immediately for acceptable use policy violations without advance notice. The agreement engages GDPR and other regional data protection frameworks through its Data Processing Addendum structure, the FTC Act's consumer protection framework, and potentially HIPAA for customers storing protected health information; applicability of specific frameworks depends on the customer's industry, geography, and the nature of data processed on AWS infrastructure. Compliance teams should note that the governing law is Washington State law with disputes subject to binding arbitration for certain claim types, and that the agreement incorporates by reference a large body of service-specific terms, acceptable use policies, and privacy notices that materially expand the operative obligations.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 4 provisions

Limitation of Liability Compare →

If AWS causes you harm through a service failure, data loss, or other incident, the maximum amount AWS will pay you is limited to what you paid AWS in the year before the incident. AWS also will not pay for lost profits, lost data, or indirect losses even if they knew these losses were possible.

Added May 8, 2026 Standard Seen across 228 platforms
Customer Account Responsibility Compare →

You are legally and financially responsible for everything that happens under your AWS account, even if someone else accessed it without your permission. AWS does not accept responsibility for unauthorized access to your account.

Added May 9, 2026 Standard Seen across 210 platforms
Service Suspension Rights

AWS can shut off your access to all services immediately, with only notice (not advance warning), if AWS decides your use poses a security risk, may harm other customers, could expose AWS to liability, or if you breach the agreement.

Added May 9, 2026 Rare
Data Processing and Privacy Addendum Structure Compare →

AWS processes your data only to run the services you use, not for its own marketing or product purposes, and it offers a separate Data Processing Addendum for customers who need it to comply with GDPR or similar laws.

Added May 9, 2026 Standard Seen across 189 platforms

Medium — 6 provisions

Content License Grant to AWS Compare →

By using AWS, you give AWS the right to use your data and content to operate and deliver the services to you. AWS can also share your content with government or regulatory authorities if legally required.

Added May 9, 2026 Standard Seen across 198 platforms
Customer Indemnification of AWS Compare →

If a third party sues AWS because of something you or your users did while using AWS services, you are required to pay AWS's legal costs and any damages awarded. This covers actions by anyone operating under your account.

Added May 9, 2026 Common Seen across 141 platforms
Modifications to Terms and Services

AWS can change its services, remove features, or update the terms of the agreement at any time by posting a revised version on its website. Continued use of the services after changes are posted generally constitutes acceptance of the new terms.

Added May 9, 2026 Rare
Governing Law and Dispute Resolution Compare →

Any legal dispute with AWS must be resolved under Washington State law in courts located in King County, Washington, regardless of where you are based in the world.

Added May 8, 2026 Standard Seen across 189 platforms
Acceptable Use Policy Incorporation Compare →

Your use of AWS is governed by an Acceptable Use Policy (AUP) published separately, and violating it can result in immediate account suspension or termination.

Added May 9, 2026 Standard Seen across 179 platforms
Fees, Payment, and Taxes Compare →

AWS bills you monthly for actual usage, with fees posted on the website and effective when updated. You must pay all charges without deducting any amounts you dispute, and AWS may bill more frequently if it suspects fraud or non-payment risk.

Added May 9, 2026 Common Seen across 150 platforms