I am creating an "average" e-commerce website (using drupal and ubercart if that matters). I've read about pci compliance in the past, and that's why I'm wondering how I can see what applies to my situation. I'll probably be going with "rackspace cloud servers", though we might end up going with the amazon cloud. It doesn't seem like there should really be any requirements as long as I have a working ssl certificate along with not storing the credit cards on my server. If I'm using authorize.net or something similar, it seems like most of the compliance will be on their part.
When do I need to learn more? (Before I choose a host and get a server all ready to go)
How can I learn more?
Any general advice/tips?
My advice (having gone through full PCI compliance audits) would be to use a 3rd party payment processor unless you have significant volume, expertise and manpower in-house. This should reduce your exposure to SAQ-A which means that you need to simply fill out a questionnaire.
If you are processing cards on-site (i.e. through your software / servers / network etc.), then you're most likely SAQ-C and you'll need to jump through a bunch of hoops.
Find a payment processor that is PCI compliant that will take full ownership of the transaction. i.e. you would redirect to their website to offer payment.
What payments processors are PCI compliant, are relevant in your location, for the types of cards you want to process etc. can be very specific to you. That's a research task for yourself.
You only need PCI if you are handling credit card numbers yourself. The smart choice would be to leave anything regarding credit cards and handling of data from them to your PSP (Payment Service Provider) and only handle customer name/address and such on your own site.