MWS API Network Protection Eligibility


Hey Guys,

We are not eligible based on the below:

Network Protection: Developers must implement network protection controls (e.g., AWS VPC subnet/Security Groups, network firewalls) to deny access to unauthorized IP addresses and public access must be restricted only to approved users.

Where are we able to enable this? Is this within MWS or the linked AWS account?

Thank you


After you download data from MWS, you are required to protect that data. This requirement is outside of MWS and inside your network where the MWS data is being stored after you download it. You need to discuss this with your IT staff or IT consultant.

David Nelson
Dynamic Enterprise Technologies Inc
Seattle Washington USA


Thanks for the info

We’ve created an AWS account with a single EC2 instance
This is where the data will reside which will sit behind an application
The EC2 instance has been configured inside a VPC and with Security groups

How do we verify this with Amazon?


You need to study the Data Protection Policy, confirm your environment meets all of the requirements in the problem area of Network Protection, then re-answer the questions you originally got wrong on the developer questionnaire with the correct answers that now match your environment.

David Nelson
Dynamic Enterprise Technologies Inc
Seattle Washington USA


This shouldn’t be about providing correct answers to the assessment, it should be about actually securing the users data.

EC2 is a computing instance, not a place to store data. A VPC sets up a private area of the cloud for the different elements to interact minimizing outside vulnerabilities, but you still haven’t described how users will securely access the application within the VPC. Are you the developer?