AWS GovCloud (US) Fundamentals: Past, Present, and Future - AWS Symposium 2014 - Washington D.C.
Post on 15-Jan-2015
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS GovCloud (US): Past, Present and Future
CJ Moses cmoses@amazon.com
Adam Clater aclater@redhat.com
AWS GovCloud (US)
• Isolated AWS Region designed to allow U.S. government agencies and customers to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance needs
• Built for Controlled Unclassified Information (CUI), Unclassified, Export Control, Privacy, Financial, and other more sensitive data workloads
Workload Strategies
• Migrate existing apps & data to the cloud
• Build new apps, sites, & services for the mission
• Augment on-premises resources with cloud capacity
CUI Workloads
CUI Categories:
• Agriculture
• Copyright
• Critical Infrastructure
• Export Control (ITAR)
• Financial
• Immigration
• Intelligence
• Law Enforcement
• Legal
• Nuclear
• Patent
• Privacy
• Proprietary (IP)
• Statistical
• Tax
• Transportation
Executive Order 13556: Controlled Unclassified Information
Ref: http://www.archives.gov/cui/registry/category-list.html#categories
Customer Base
• U.S. Government Agencies: Federal, state and local entities
• U.S. Government contractors, systems integrators, and FFRDCs
• U.S. Companies with IT regulatory requirements
• Workloads with Direct or Indirect Ties to U.S. Government Functions and Services
• Commercial Workloads with U.S. Export Control and/or CUI Considerations
Account Restrictions
• Top level account holders must be a US Person (individual or entity) as defined by the ITAR regulations
• Individual must be a US Citizen or Green Card Holder
• US entities must be:
– A U.S. government organization at the Federal, State, Local, or Territorial level
– A company or non-profit organization registered to do business in the United States
• IAM Accounts can be created as needed by the customer
Security and Compliance

Security & Compliance Resources
• Security & Compliance Center
• Security Overview & Best Practices
• AWS Risk & Compliance Whitepaper
• Creating HIPAA Compliant Applications

Hardware, Software & Network
• Systematic change management
• Phased updates deployment
• Safe storage decommission
• Continuous monitoring and self-audit
• Advanced network protection systems

Certifications and Accreditations
• FISMA Moderate Compliant Controls
• SOC1 - SSAE 16/ISAE 3402
• ISO 27001
• PCI DSS Level 1
• FedRAMP Agency ATO
• DIACAP up to MAC III Sensitive
• HIPAA

Physical
• Datacenters in nondescript facilities
• Physical access strictly controlled
• Must pass two-factor authentication at least twice for floor access
• Physical access logged and audited
• Logical access logged and audited
Why AWS GovCloud (US)
• Meets Federal standards for security and privacy controls, including FedRAMP and ITAR
• Physical, Network, Machine, and Data isolation - only approved AWS U.S. Persons have administrator access to restricted areas, networks, and systems
• Isolated customer credentials, separate from Amazon.com and other regions
• FIPS 140-2 Validated Hardware & Cryptographic Services for VPNs and API End Points
• All customer workloads and data maintained in the Continental United States
• All account holders must be U.S. Persons or organizations not banned or restricted from handling ITAR data by the Federal government
• GovCloud billing and customer support is rolled into parent AWS account
History of AWS GovCloud
• Launched in fall 2011 with a basic set of services
• Built with government oriented customers in mind
• Deployed new services to meet customer demand
• Expanded Compliance Regimes beyond ITAR to FISMA and FedRAMP
Pace of Innovation

2011:
• Amazon Elastic Compute Cloud (EC2)
– Two Availability Zones
• Amazon Simple Storage Service (S3)
– Full durability, designed at 99.9999999999%
• Amazon Elastic Block Store (EBS)
• Amazon Virtual Private Cloud (VPC)
– Required for all customers
• Amazon CloudWatch Metrics
• AWS Identity and Access Management
• Command Line API Access (No Console)
• Elasticfox

2012:
• EC2 Cluster Compute Instances
• EC2 T1.micro instances
• Elastic Load Balancing
• Auto Scaling
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon CloudWatch Alarms
• Amazon DynamoDB
• Amazon Relational Database Services
– MySQL
– Oracle
– SQL Server
• ElasticWolf
• AWS Customer Support Integration

2013:
• AWS Management Console
• Amazon Elastic MapReduce (Amazon EMR)
• Amazon Simple Workflow
• AWS ElasticWolf Client Console
• Section 508 certified
• VPC By Default
• AWS CloudFormation
• AWS Direct Connect
• AMI Copy work around
• EMR Console
• SWF Console
• CloudFormation Console
• Tagging
• Route 53 (external support)
• CloudFront (external support)
• AWS Import/Export (external support)
Our Price Reduction Philosophy
Scale & Innovation… Drive Costs Down
• Invest in Capital
• Invest in Technology
• Improve Efficiency
• Reduce Prices
• Attract More Customers
43 price reductions across AWS since our launch in 2006
AWS GovCloud Today
• Over a dozen launches in AWS GovCloud (US) region since January 2014
• AWS ProServe team now offers ‘Security Architecture Assessment for FedRAMP Compliance’

2014:
• RHEL
• SUSE
• DynamoDB Console
• EC2 M3 instances
• EMR M3 support
• EBS-Optimized Instances
• VPC Peering
• Amazon SES (external support)
• EC2 Key Pair Creation
• EBS Provisioned IOPs
• EBS General Purpose SSD Volumes
• New EC2 and VPC Consoles
• RDS support for t1.micro instances
• RDS support for M3 instances
• RDS support for PIOPS
• Tagging for RDS
• RDS PostgreSQL
The Future
• Continue building service parity and focusing on the user experience
• New service features and enhancements
• Additional improvements and growth based on customer feedback
Learn More
• AWS GovCloud (US) Site: http://aws.amazon.com/govcloud-us/
• Request an account: https://aws.amazon.com/govcloud-us/contact/
• AWS GovCloud (US) Events: http://aws.amazon.com/govcloud-us/events
• Security Center: http://aws.amazon.com/security
• Compliance (FIPS, FedRAMP): http://aws.amazon.com/compliance
• Whitepapers: http://aws.amazon.com/whitepapers
• Documentation: http://aws.amazon.com/documentation/
• Simple Monthly Calculator: http://aws.amazon.com/calculator
• Economics: http://aws.amazon.com/economics
• AWS Webinars: http://aws.amazon.com/what-is-cloud-computing/
Questions?