Documentation
The AWS shared responsibility model applies to data protection in Kiro. As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. You are also responsible for the security configuration and management tasks for the AWS services that you use. For more information about data privacy, see the Data Privacy FAQ.
Kiro stores your questions, its responses, and additional context, such as code, to generate new responses to your requests. For information about how data is encrypted, see Data encryption. For information about how AWS may use some questions that you ask Kiro and its responses to improve our services, see Kiro service improvement.
Your content, such as prompts and responses, will be stored in the US East (N. Virginia) Region.
When you use any features in Kiro, your user content will be processed in a US Region. For more information, see Cross-region processing.
The following sections describe how cross-region inference and cross-region calls are used to provide the Kiro service.
Kiro is powered by Amazon Bedrock, and uses cross-region inference to distribute traffic across different AWS Regions to enhance large language model (LLM) inference performance and reliability. With cross-region inference, you get increased throughput and resilience during high demand periods, as well as improved performance.
Cross region inference doesn’t affect where your data is stored. For information on where data is stored when you use Kiro, see AWS Regions where content is stored and processed.
| Supported Kiro geography | Inference regions |
|---|---|
| United States |
|
This topic provides information specific to Kiro about encryption in transit and encryption at rest.
All communication between customers and Kiro and between Kiro and its downstream dependencies is protected using TLS 1.2 or higher connections.
Kiro encrypts your data using AWS owned encryption keys from AWS Key Management Service (AWS KMS). You don’t have to take any action to protect the AWS managed keys that encrypt your data. For more information, see AWS owned keys in the AWS Key Management Service Developer Guide.
To help Kiro provide the most relevant information, we may use certain content from Kiro, such as questions that you ask Kiro and its responses, for service improvement. This page explains what content we use and how to opt out.
We may use certain content from Kiro for service improvement. Kiro may use this content, for example, to provide better responses to common questions, fix Kiro operational issues, for de-bugging, or for model training. Content that Kiro may use for service improvement includes, for example, your questions to Kiro and the responses and code that Kiro generates.
We do not use content from Kiro Pro, Pro+, or Power users that access Kiro through AWS IAM Identity Center.
If you have an Amazon Q Developer Pro subscription and access Kiro through your AWS account with the Amazon Q Developer Pro subscription, then Kiro will not use your content for service improvement.
By default, Kiro collects usage data, errors, crash reports, and content for service improvement. This page explains how to opt out of sharing your data in Kiro, including the core application, first-party extensions, and participating third-party extensions. Note that if you opt out, you'll be opting out of sharing both your telemetry and content. For information on how Kiro uses this data, see Kiro service improvement.
Kiro Pro, Pro+, or Power users that access Kiro through AWS IAM Identity Center are automatically opted out.
To opt out of sharing your telemetry data in Kiro, use this procedure:
Data protection