AWS GovCloud (US) - Moses
1. AWS GovCloud (US)
CJ Moses | cmoses@amazon.com
GM, Government Cloud Solutions
October 10, 2012
2. Security is Job Zero!
http://aws.amazon.com/security/
Certifications and Accreditations
• FISMA Moderate Compliant Controls
– FedRAMP Application(s) Submitted
• SOC1 - SSAE 16/ISAE 3402
• ISO 27001
• PCI DSS Level 1
• FIPS 140-2 Compliant Endpoints GovCloud Only
AWS Public Sector Summit 2012: Achieving Success in the Cloud
3. Cloud is Cool, BUT:
Data has to stay in CONUS
Must meet Federal standards for security and privacy controls
US Persons only access
Data Isolation, Network Isolation, Machine Isolation
4. Targeted to US Government Customers
US governmental entity or supporting companies
FISMA Moderate Compliant Controls
US Persons-Only access (Physical & Logical)
• AWS will screen direct customers prior to providing access to the AWS GovCloud (US). Direct customers must be:
– U.S. Persons;
– not subject to export restrictions; and
– comply with U.S. export control laws and regulations, including the International Traffic In Arms Regulations.
Data Isolation (Service & IAM Controls)
Network Isolation (VPC required, FIPS 140-2 Compliant endpoints)
Machine Isolation (Dedicated instances optional)
5. Amazon VPC Architecture
[Diagram labels: Customer’s isolated AWS resources; Subnets; NAT; Internet; Router; VPN Gateway; Amazon Web Services Cloud; Secure VPN Connection over the Internet; Customer’s Network]
6. AWS Deployment Models
Columns: Logical Server and Application Isolation; Granular Information Access Policy; Logical Network Isolation; Physical Server Isolation; Government Only Physical Network and Facility Isolation; ITAR Compliant (US Persons Only); Sample Workloads
• Commercial Cloud
– Sample Workloads: Public facing apps, Web sites, Dev test, FISMA Low & Moderate
• Virtual Private Cloud (VPC)
– Sample Workloads: Data Center extension, TIC environment, email, FISMA Moderate
• AWS GovCloud (US)
– Sample Workloads: USP Compliant, CUI and Government Specific Apps
7. AWS GovCloud (US) Services @ Launch
• Amazon Elastic Compute Cloud (EC2)
– Two Availability Zones
– Standard, High-Mem and High-CPU Instances available
• Amazon Simple Storage Service (S3)
– Full durability, designed at 99.999999999%
• Amazon Elastic Block Store (EBS)
• Amazon Virtual Private Cloud (VPC)
– Required for all customers
• Amazon CloudWatch Metrics
• AWS Identity and Access Management (IAM)
• Command Line API Access (No Console)
– Elasticfox (Firefox plugin)
8. So What’s New?
• EC2 Cluster Compute Instances
– Cluster Compute Eight Extra Large: 60.5 GB memory, 88 EC2 Compute Units, 3370 GB of local instance storage, 64-bit platform, 10 Gigabit Ethernet
9. So What’s New? cont.
• Elastic Load Balancing
– Distributes incoming application traffic across
multiple Amazon EC2 instances, providing greater
fault tolerance and scalability
– Gated access through your Account Mgr in Beta
while we finish up final acceptance testing
10. So What’s New? cont.
• Auto Scaling
– Increase and decrease your Amazon EC2 capacity
according to conditions you define, including
schedule- and demand-based scaling
11. So What’s New? cont.
• Amazon Simple Notification Service (Amazon SNS)
– Highly available and scalable system that provides the
ability to publish messages from an application and
deliver them to subscribers or other applications.
– Amazon SNS supports notifications via email, HTTP,
and to SQS queues
12. So What’s New? cont.
• Amazon Simple Queue Service (Amazon SQS)
– a highly available and durable message queue
service that enables asynchronous messaging
between distributed components in a system
13. So What’s New? cont.
• Amazon CloudWatch
– Monitoring for AWS cloud resources and applications,
including Amazon EC2 instances, Amazon EBS
volumes, Amazon SNS topics, and Amazon SQS
queues
– Set alarms on any of your metrics to receive
notifications or take other automated actions when
your metric crosses your specified threshold
14. So What’s New? cont.
• ElasticWolf
– We have supported the
creation of the ElasticWolf
client-side application
– ElasticWolf runs on both
Windows and Mac
– Supports all of the new features
and with all of the AWS regions
including GovCloud (US)
– www.elasticwolf.com
15. Please join us!
Amazon Web Services GovCloud (US) Region - New Feature Launch Party
Wednesday, October 10, 2012, 5:00pm-7:00pm
Rosa Mexicano Restaurant
575 7th Street Northwest
Washington, DC 2004
16. Getting Started
• Customers who are interested in learning more about the AWS
GovCloud (US) should contact their Public Sector Sales
representative by filling out the Contact Us form on the AWS
GovCloud (US) website.
• http://aws.amazon.com/govcloud-us/contact/ or call us at 703-561-9600