Come learn all about our AWS GovCloud (US) region. Discover the features and benefits of this government-oriented community cloud, learn about exciting new features, and get a sneak peek into where we are headed in the future.
AWS GovCloud (US) Fundamentals: Past, Present, and Future - AWS Symposium 2014 - Washington D.C.
1. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS GovCloud (US): Past, Present and Future
CJ Moses
cmoses@amazon.com
Adam Clater
aclater@redhat.com
2. AWS GovCloud (US)
• Isolated AWS Region designed to allow U.S. government agencies and customers to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance needs
• Built for Controlled Unclassified Information (CUI), Unclassified, Export Control, Privacy, Financial, and other more sensitive data workloads
3. Workload Strategies
• Migrate existing apps & data to the cloud
• Build new apps, sites, & services for the mission
• Augment on-premises resources with cloud capacity
4. CUI Workloads
CUI categories:
• Agriculture
• Copyright
• Critical Infrastructure
• Export Control (ITAR)
• Financial
• Immigration
• Intelligence
• Law Enforcement
• Legal
• Nuclear
• Patent
• Privacy
• Proprietary (IP)
• Statistical
• Tax
• Transportation
Executive Order 13556: Controlled Unclassified Information
Ref: http://www.archives.gov/cui/registry/category-list.html#categories
5. Customer Base
• U.S. Government Agencies: Federal, state and local entities
• U.S. Government contractors, systems integrators, and FFRDCs
• U.S. Companies with IT regulatory requirements
• Workloads with Direct or Indirect Ties to U.S. Government Functions and Services
• Commercial Workloads with U.S. Export Control and/or CUI Considerations
6. Account Restrictions
• Top level account holders must be a US Person (individual or entity) as defined by the ITAR regulations
• Individual must be a US Citizen or Green Card Holder
• US entities must be:
– A U.S. government organization at the Federal, State, Local, or Territorial level
– A company or non-profit organization registered to do business in the United States
• IAM Accounts can be created as needed by the customer
7. Security and Compliance
Security & Compliance Resources
• Security & Compliance Center
• Security Overview & Best Practices
• AWS Risk & Compliance Whitepaper
• Creating HIPAA Compliant Applications
Hardware, Software & Network
• Systematic change management
• Phased updates deployment
• Safe storage decommission
• Continuous monitoring and self-audit
• Advanced network protection systems
Certifications and Accreditations
• FISMA Moderate Compliant Controls
• SOC1 - SSAE 16/ISAE 3402
• ISO 27001
• PCI DSS Level 1
• FedRAMP Agency ATO
• DIACAP up to MAC III Sensitive
• HIPAA
Physical
• Datacenters in nondescript facilities
• Physical access strictly controlled
• Must pass two-factor authentication at least twice for floor access
• Physical access logged and audited
• Logical access logged and audited
8. Why AWS GovCloud (US)
• Meets Federal standards for security and privacy controls, including FedRAMP and ITAR
• Physical, Network, Machine, and Data isolation - only approved AWS U.S. Persons have administrator access to restricted areas, networks, and systems
• Isolated customer credentials, separate from Amazon.com and other regions
• FIPS 140-2 Validated Hardware & Cryptographic Services for VPNs and API End Points
• All customer workloads and data maintained in the Continental United States
• All account holders must be U.S. Persons or organizations not banned or restricted from handling ITAR data by the Federal government
• GovCloud billing and customer support is rolled into parent AWS account
9. History of AWS GovCloud
• Launched in fall 2011 with a basic set of services
• Built with government oriented customers in mind
• Deployed new services to meet customer demand
• Expanded Compliance Regimes beyond ITAR to FISMA and FedRAMP
10. Pace of Innovation
2011:
• Amazon Elastic Compute Cloud (EC2)
• Two Availability Zones
• Amazon Simple Storage Service (S3)
– Full durability, designed at 99.9999999999%
• Amazon Elastic Block Store (EBS)
• Amazon Virtual Private Cloud (VPC)
– Required for all customers
• Amazon CloudWatch Metrics
• AWS Identity and Access Management
• Command Line API Access (No Console)
• Elasticfox
2012:
• EC2 Cluster Compute Instances
• EC2 t1.micro instances
• Elastic Load Balancing
• Auto Scaling
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon CloudWatch Alarms
• Amazon DynamoDB
• Amazon Relational Database Service
– MySQL
– Oracle
– SQL Server
• ElasticWolf
• AWS Customer Support Integration
2013:
• AWS Management Console
• Amazon Elastic MapReduce (Amazon EMR)
• Amazon Simple Workflow
• AWS ElasticWolf Client Console
• Section 508 certified
• VPC By Default
• AWS CloudFormation
• AWS Direct Connect
• AMI Copy workaround
• EMR Console
• SWF Console
• CloudFormation Console
• Tagging
• Route 53 (external support)
• CloudFront (external support)
• AWS Import/Export (external support)
11. Our Price Reduction Philosophy
Scale & Innovation … Drive Costs Down
• Invest in Capital
• Invest in Technology
• Improve Efficiency
• Reduce Prices
• Attract More Customers
43 price reductions across AWS since our launch in 2006
12. AWS GovCloud Today
• Over a dozen launches in AWS GovCloud (US) region since January 2014
• AWS ProServe team now offers ‘Security Architecture Assessment for FedRAMP Compliance’
2014:
• RHEL
• SUSE
• DynamoDB Console
• EC2 M3 instances
• EMR M3 support
• EBS-Optimized Instances
• VPC Peering
• Amazon SES (external support)
• EC2 Key Pair Creation
• EBS Provisioned IOPS
• EBS General Purpose SSD Volumes
• New EC2 and VPC Consoles
• RDS support for t1.micro instances
• RDS support for M3 instances
• RDS support for PIOPS
• Tagging for RDS
• RDS PostgreSQL
13. The Future
• Continue building service parity and focusing on the user experience
• New service features and enhancements
• Additional improvements and growth based on customer feedback