Compliant AWS Infrastructure for UK Regulated Firms
A fully FCA and PRA-ready AWS environment deployed through Terraform. Eight production-grade modules covering every tier of your regulated estate.
Eight Terraform Modules
Each module deploys a discrete layer of your regulated AWS environment, from the account baseline through to application security controls.
01: Account Baseline
AWS account hardening, IAM password policy, root account controls, MFA enforcement, and baseline SCPs for an AWS Organizations structure.
FCA SYSC 13 · CIS AWS v1.4.0
02: Logging & Audit
CloudTrail with S3 log archiving, Config rules for continuous compliance recording, and CloudWatch log groups with retention policies.
PRA SS1/21 · FCA PS21/3
03: Network Controls
VPC with segmented public and private subnets, NACLs, Security Groups baseline, VPC Flow Logs enabled, and NAT gateway configuration.
FCA SYSC 13 · Cyber Essentials
04: Data Protection
KMS key management for encryption at rest, S3 bucket policies enforcing encryption and public access blocks, and Secrets Manager for credential storage.
UK GDPR Art. 32 · PRA SS1/21
05: Identity & Access
IAM roles and policies following least-privilege principles, permission boundaries, and IAM Access Analyzer for continuous entitlement review.
FCA SYSC 13 · Cyber Essentials
06: Resilience & Backup
AWS Backup plans with cross-region replication, RTO and RPO configuration aligned to PRA operational resilience requirements, and recovery testing automation.
PRA SS1/21 · PS26/2 · FCA PS21/3
07: Threat Detection
GuardDuty with automated findings export, Security Hub aggregating findings across services, and SNS alerting to your security operations team.
FCA SYSC 13 · CTP Regime SS6/24
08: CTP Regime Controls
Critical Third Party controls aligned to PS26/2 and SS6/24: service criticality tagging, exit plan documentation hooks, and concentration risk monitoring.
CTP Regime SS6/24 · PS26/2
Compliance Mapping
Every module ships with a compliance mapping document linking each Terraform resource to its regulatory reference.
SYSC 8 & SYSC 13
Outsourcing arrangements, operational risk, and systems and controls requirements for FCA-authorised firms.
SS1/21: Operational Resilience
Important business services mapping, impact tolerances, and self-assessment requirements for PRA-regulated firms.
PS21/3: Outsourcing Policy
Joint PRA/FCA policy on outsourcing and third-party risk, covering cloud service providers as material third parties.
SS6/24 & PS26/2
Critical Third Party Regime controls for firms designated under the Financial Services and Markets Act 2023.
UK GDPR
Data protection by design and default, including encryption, access controls, and data residency configuration.
Cyber Essentials
Technical controls aligned to the UK government Cyber Essentials scheme: firewalls, access control, and secure configuration.
How It's Delivered
JME Secure Cloud is advisory-led. We don't publish a price list; we scope each engagement based on your environment, your regulatory position, and your team's capability.
Discovery
We review your current AWS environment, regulatory obligations, and target architecture before any code is written.
Configuration
Modules are configured for your environment: account structure, naming conventions, network ranges, and compliance scope.
Deployment
We deploy via Terraform, provide full state management guidance, and hand over a working environment with documentation.
Compliance Pack
Every engagement includes a compliance mapping document ready for regulatory review, internal audit, or third-party assessment.
Request a Briefing
Talk to us about your regulatory position and AWS environment. We'll explain how the modules apply to your situation and what an engagement looks like.