Compu net response

of 31
RFP # 22-16 July 11
th
, 2016

of 31
RFP # 22-16 July 11
th
, 2016
July 11th, 2016
Region 14 Education Service Center
1850 Highway 351
Abilene, Texas 79601
RE: RFP # 22-16
NCPA:
It is a pleasure to introduce CompuNet, Inc. as a Northwest based, Enterprise Grade Systems Integrator. CompuNet
offers Data Center, Networking, Security, Unified Communications, Automation, Cloud, and Carrier services to
commercial, healthcare, enterprise, state, local, and education clients. As a full solution provider, we are
strategically partnered with best-in-class technology manufacturers to provide a solution set that provides the
breadth our customers demand. Key vendors include: Cisco, VMware, EMC, VCE, Pure, NetApp, CommVault, F5
Networks, Amazon Web Service, and Microsoft Azure. Our value continues to resonate with our customer base
because of our unique “Engineering-Led” business model that provides a 5 to 1 Engineer to Account Manager ratio.
CompuNet, Inc., founded in 1998, is a northwest-based Network Engineering Company with offices in Bozeman,
Montana; Meridian, Lewiston and Grangeville, Idaho; Portland Oregon, Spokane, Washington and Salt Lake City,
Utah, Seattle, Washington and Phoenix, Arizona. Although our physical presence is concentrated in the Northwest,
we do have larger clients that require our services both nationally and internationally. CompuNet has a deep and
wide data center, cloud, colocation and ISP practice, with extensive certifications and experience with, AWS, EMC,
Cisco, VMware and Microsoft and partnered with local, regional, national and global, cloud, colocation, and ISP
providers. We staff over 180 people with 100 of those team members being engineers. With each hire, CompuNet
pursues the best talent in the market and evaluates their ability to provide superior customer service, expertise in
their respective technology focus, and ensures that they match the cultural values of CompuNet.
CompuNet, Inc. has had a great deal of direct experience supporting State, Local and Education divisions and a list
is provided below under organization references section (Tab 6). CompuNet's engineering team has extensive
knowledge, cloud certifications in architecture, sys ops, public sector, and is an approved Public Sector and
Government Cloud reseller. We are committed to perform any and all services as required by this RFP. In addition
to this document, which is the transmittal letter of the bid document set, we have enclosed all requested
information, which will underscore value of our solution for your specific project. We look forward to your
response on our bid. Please contact the undersigned for any further clarifications on this document.
Thomas McFarlin
Director of Operations
O. (208) 286-3000
C. (208) 859-2322
tmcfarlin@compunet.biz

of 31
RFP # 22-16 July 11
th
, 2016
Table of Contents
Tab 1 – Signature Form
Tab 2 – NCPA Administration Agreement
Tab 3 – Vendor Questionnaire
Tab 4 – Vendor Profile
Tab 5 – Products and Services / Scope
Tab 6 – References
Tab 7 – Pricing
Tab 8 – Value Added Products and Services
Tab 9 – Required Documents

of 31
RFP # 22-16 July 11
th
, 2016
Tab 1 - Signature Form
The undersigned hereby proposes and agrees to furnish goods and/or services in strict compliance with the terms,
specifications and conditions at the prices proposed within response unless noted in writing. The undersigned
further certifies that he/she is an officer of the company and has authority to negotiate and bind the company
named below and has not prepared this bid in collusion with any other Respondent and that the contents of this
proposal as to prices, terms or conditions of said bid have not been communicated by the undersigned nor by any
employee or agent to any person engaged in this type of business prior to the official opening of this proposal.
Prices are guaranteed: 120 days
Company name CompuNet, Inc.
Address 2264 S. Bonito Way, Suite 150
City/State/Zip Meridian, ID 84652
Telephone No. (208)286-3000
Fax No. (208)286-3002
Email address tmcfarlin@compunet.biz
Printed name Thomas McFarlin
Position with company Director of Operations
Authorized signature
Date
7/15/2016

of 31
RFP # 22-16 July 11
th
, 2016
Tab 2 - NCPA Administration Agreement
This Administration Agreement is made as of , by and between National Cooperative Purchasing
Alliance (“NCPA”) and CompuNet, Inc. (“Vendor”).
Recitals
WHEREAS, Region 14 ESC has entered into a certain Master Agreement dated , referenced as Contract
Number , by and between Region 14 ESC and Vendor, as may be amended from time to time in accordance
with the terms thereof (the “Master Agreement”), for the purchase of Cloud Collaboration and Storage Services;
WHEREAS, said Master Agreement provides that any state, city, special district, local government, school district,
private K-12 school, technical or vocational school, higher education institution, other government agency or nonprofit
organization (hereinafter referred to as “public agency” or collectively, “public agencies”) may purchase products and
services at the prices indicated in the Master Agreement;
WHEREAS, NCPA has the administrative and legal capacity to administer purchases under the
Master Agreement to public agencies;
WHEREAS, NCPA serves as the administrative agent for Region 14 ESC in connection with other
master agreements offered by NCPA
WHEREAS, Region 14 ESC desires NCPA to proceed with administration of the Master Agreement;
WHEREAS, NCPA and Vendor desire to enter into this Agreement to make available the Master
Agreement to public agencies on a national basis;
NOW, THEREFORE, in consideration of the payments to be made hereunder and the mutual
covenants contained in this Agreement, NCPA and Vendor hereby agree as follows:
 General Terms and Conditions
 The Master Agreement, attached hereto as Tab 1 and incorporated herein by reference as though fully
set forth herein, and the terms and conditions contained therein shall apply to this Agreement except as
expressly changed or modified by this Agreement.
 NCPA shall be afforded all of the rights, privileges and indemnifications afforded to Region14 ESC under
the Master Agreement, and such rights, privileges and indemnifications shall accrue and apply with
equal effect to NCPA under this Agreement including, but not limited to, the Vendor’s obligation to
provide appropriate insurance and certain indemnifications to Region 14 ESC.
 Vendor shall perform all duties, responsibilities and obligations required under the Master Agreement
in the time and manner specified by the Master Agreement.
 NCPA shall perform all of its duties, responsibilities, and obligations as administrator of purchases
under the Master Agreement as set forth herein, and Vendor acknowledges that NCPA shall act in the
capacity of administrator of purchases under the Master Agreement.
 With respect to any purchases made by Region 14 ESC or any Public Agency pursuant to the Master
Agreement, NCPA (a) shall not be construed as a dealer, re-marketer, representative, partner, or agent of
any type of Vendor, Region 14 ESC, or such Public Agency, (b) shall not be obligated, liable or
responsible (i) for any orders made by Region 14 ESC, any Public Agency or any employee of Region 14
ESC or Public Agency under the Master Agreement, or (ii) for any payments required to be made with
August 1, 2016
August 1, 2016
01-62

of 31
RFP # 22-16 July 11
th
, 2016
respect to such order, and (c) shall not be obligated, liable or responsible for any failure by the Public
Agency to (i) comply with procedures or requirements of applicable law, or (ii) obtain the due
authorization and approval necessary to purchase under the Master Agreement. NCPA makes no
representations or guaranties with respect to any minimum purchases required to be made by Region
14 ESC, any Public Agency, or any employee of Region 14 ESC or Public Agency under this Agreement or
the Master Agreement.
 The Public Agency participating in the NCPA contract and Vendor may enter into a separate
supplemental agreement to further define the level of service requirements over and above the
minimum defined in this contract i.e. invoice requirements, ordering requirements, specialized delivery,
etc. Any supplemental agreement developed as a result of this contract is exclusively between the Public
Agency and Vendor. NCPA, its agents, members and employees shall not be made party to any claim for
breach of such agreement.
 Term of Agreement
 This Agreement shall be in effect so long as the Master Agreement remains in effect, provided, however,
that the obligation to pay all amounts owed by Vendor to NCPA through the termination of this
Agreement and all indemnifications afforded by Vendor to NCPA shall survive the term of this
Agreement.
 Fees and Reporting
 The awarded vendor shall electronically provide NCPA with a detailed monthly or quarterly report
showing the dollar volume of all sales under the contract for the previous month or quarter. Reports
shall be sent via e-mail to NCPA offices at reporting@ncpa.us. Reports are due on the fifteenth (15th)
day after the close of the previous month or quarter. It is the responsibility of the awarded vendor to
collect and compile all sales under the contract from participating members and submit one (1) report.
The report shall include at least the following information as listed in the example below:
Entity Name Zip Code State PO or Job # Sale Amount
Total
 Each quarter NCPA will invoice the vendor based on the total of sale amount(s) reported. From the
invoice the vendor shall pay to NCPA an administrative fee based upon the tiered fee schedule below.
Vendor’s annual sales shall be measured on a calendar year basis. Deadline for term of payment will be
included in the invoice NCPA provides.
Annual Sales Through Contract Administrative Fee
$0 - $30,000,000 2%
$30,000,000 - $50,000,000 1.5%
$50,000,001 + 1%

of 31
RFP # 22-16 July 11
th
, 2016
 Supplier shall maintain an accounting of all purchases made by Public Agencies under the Master
Agreement. NCPA and Region 14 ESC reserve the right to audit the accounting for a period of four (4)
years from the date NCPA receives the accounting. In the event of such an audit, the requested materials
shall be provided at the location designated by Region 14 ESC or NCPA. In the event such audit reveals
an underreporting of Contract Sales and a resulting underpayment of administrative fees, Vendor shall
promptly pay NCPA the amount of such underpayment, together with interest on such amount and shall
be obligated to reimburse NCPA’s costs and expenses for such audit.
 General Provisions
 This Agreement supersedes any and all other agreements, either oral or in writing, between the parties
hereto with respect to the subject matter hereof, and no other agreement, statement, or promise relating
to the subject matter of this Agreement which is not contained herein shall be valid or binding.
 Awarded vendor agrees to allow NCPA to use their name and logo within website, marketing materials
and advertisement. Any use of NCPA name and logo or any form of publicity regarding this contract by
awarded vendor must have prior approval from NCPA.
 If any action at law or in equity is brought to enforce or interpret the provisions of this Agreement or to
recover any administrative fee and accrued interest, the prevailing party shall be entitled to reasonable
attorney’s fees and costs in addition to any other relief to which such party may be entitled.
 Neither this Agreement nor any rights or obligations hereunder shall be assignable by Vendor without
prior written consent of NCPA. Any assignment without such consent will be void.
 This Agreement and NCPA’s rights and obligations hereunder may be assigned at NCPA’s sole discretion,
to an existing or newly established legal entity that has the authority and capacity to perform NCPA’s
obligations hereunder All written communications given hereunder shall be delivered to the addresses
as set forth below.
National Cooperative Purchasing Alliance: Vendor CompuNet, Inc.
Name: Name: Thomas McFarlin
Title: Title: Director of Operations
Address: Address: 2264 S. Bonito Way, suite 150
Meridian, ID 83642
Signature: Signature:
Date: Date: 7/15/2016
Matthew Mackel
Director, Business Development
PO Box 701273
Houston, TX 77270
August 1, 2016

of 31
RFP # 22-16 July 11
th
, 2016
Tab 3 - Vendor Questionnaire
Please provide responses to the following questions that address your company’s operations, organization, structure,
and processes for providing products and services.
 States Covered
 Bidder must indicate any and all states where products and services can be offered.
 Please indicate the price co-efficient for each state if it varies.
 50 States & District of Columbia (Selecting this box is equal to checking all boxes below)
 Alabama  Maryland  South Carolina
 Alaska  Massachusetts  South Dakota
 Arizona  Michigan  Tennessee
 Arkansas  Minnesota  Texas
 California  Mississippi  Utah
 Colorado  Missouri  Vermont
 Connecticut  Montana  Virginia
 Delaware  Nebraska  Washington
 District of Columbia  Nevada  West Virginia
 Florida  New Hampshire  Wisconsin
 Georgia  New Jersey  Wyoming
 Hawaii  New Mexico 
 Idaho  New York 
 Illinois  North Carolina 
 Indiana  North Dakota 
 Iowa  Ohio 
 Kansas  Oklahoma 
 Kentucky  Oregon 
 Louisiana  Pennsylvania 
 Maine  Rhode Island 

of 31
RFP # 22-16 July 11
th
, 2016
 All US Territories and Outlying Areas (Selecting this box is equal to checking all boxes below)
 American Samoa  Northern Marina Islands
 Federated States of Micronesia  Puerto Rico
 Guam  U.S. Virgin Islands
 Midway Islands
 Minority and Women Business Enterprise (MWBE) and (HUB) Participation
 It is the policy of some entities participating in NCPA to involve minority and women business
enterprises (MWBE) and historically underutilized businesses (HUB) in the purchase of goods
and services. Respondents shall indicate below whether or not they are an M/WBE or HUB
certified.
 Minority / Women Business Enterprise
 Respondent Certifies that this firm is a M/WBE 
 Historically Underutilized Business
 Respondent Certifies that this firm is a HUB 
 Residency
 Responding Company’s principal place of business is in the city of Meridian,
State of Idaho.
 Felony Conviction Notice
 Please Check Applicable Box;
 A publically held corporation; therefore, this reporting requirement is not applicable.
 Is not owned or operated by anyone who has been convicted of a felony.
 Is owned or operated by the following individual(s) who has/have been convicted of
a felony.
 If the 3rd box is checked, a detailed explanation of the names and convictions must be
attached.
 Distribution Channel
 Which best describes your company’s position in the distribution channel:
 Manufacturer Direct  Certified education/government reseller
 Authorized Distributor
 Manufacturer marketing through
reseller
 Value-added reseller
 Other _______________________________________
 Processing Information
 Provide company contact information for the following:
 Sales Reports / Accounts Payable
Contact Person: Jancy Scott
Title: Operations Analyst
Company: CompuNet, Inc.
Address: 2264 S. Bonito Way, suite 150
City: Meridian State: Idaho Zip: 83642
Phone: (208) 286-3028 Email: jscott@compunet.biz

of 31
RFP # 22-16 July 11
th
, 2016
 Purchase Orders
Contact Person: Christopher Paskewich
Title: Cloud Operations
Phone: (503) 214-4608Email: cpaskewich@compunet.biz
 Sales and Marketing
Contact Person: Dan Beeler
Title: Cloud Director
Phone: (208) 286-3014Email: dbeeler@compunet.biz
 Pricing Information
 In addition to the current typical unit pricing furnished herein, the Vendor agrees to offer
 If answer is no, attach a statement detailing how pricing for NCPA participants
would be calculated for future product introductions.
 Yes  No
 Pricing submitted includes the required NCPA administrative fee. The NCPA fee is
calculated based on the invoice price to the customer.
 Yes  No
 Vendor will provide additional discounts for purchase of a guaranteed quantity.

of 31
RFP # 22-16 July 11
th
, 2016
Tab 4 - Vendor Profile
Please provide the following information about your company:
 Company’s official registered name.
CompuNet, Inc.
 Brief history of your company, including the year it was established.
CompuNet, Inc., founded in 1998, is a northwest-based Data Center, Cloud and Network Engineering Company with
offices in Bozeman, Montana; Meridian, Lewiston and Grangeville, Idaho; Portland Oregon, Spokane, Washington, Salt
Lake City, Utah, Seattle, Washington and Phoenix, Arizona. Although our physical presence is concentrated in the
Northwest, we do have larger clients that require our services both nationally and internationally. CompuNet has a
deep and wide data center, cloud, colocation and networking practice, with extensive experience with, AWS, EMC,
Cisco, VMware and Microsoft, F5, Palo Alto to name a few. We are certified in cloud architecture, partnered with local,
regional, national and global, cloud providers able to deliver customized, secure and compliant solutions based on
organizational requirements. We staff over 180 people with 100 of those team members, including our executive
leadership, being engineers. With each hire, CompuNet pursues the best talent in the market and evaluates their
ability to provide superior customer service, expertise in their respective technology focus, and ensures that they
match the cultural values of CompuNet.
 Company’s Dun & Bradstreet (D&B) number.
62-702-4636
 Company’s organizational chart of those individuals that would be involved in the contract.
Sales Technical Technical Technical
Steve Frey Josh Guice Brandon Morgan Carl Norman
Business Development
Manager
Solutions Architect Solutions Architect Solutions Architect
(208) 286-3073 (503) 214-4638 (503) 214-4613 (503) 214-4635
sfrey@compunet.biz jguice@compunet.biz bmorgan@compunet.biz cnorman@compunet.biz
Director Operations/Contracts/Billing Support RFP Response Support
Dan Beeler Christopher Paskewich Meredith Newton Jancy Scott
Director Cloud Operations SLED Business Development
Manager
Operations Analyst
(208) 286-3014 (503) 214-4608 (208) 488-7223 (208) 286-3028
dbeeler@compunet.biz cpaskewich@compunet.biz mnewton@compunet.biz jscott@compunet.biz
 Corporate office location.
2264 S. Bonito Way
Meridian, ID 83642

of 31
RFP # 22-16 July 11
th
, 2016
 List the number of sales and services offices for states being bid in solicitation.
Arizona: 1 Idaho: 3 Montana: 2
Oregon: 1 Utah: 1 Washington: 2
 List the names of key contacts at each with title, address, phone and e-mail address.
Arizona & Southern California Idaho Idaho
1334 E. Chandler Blvd, Suite 5-
A13
2264 S. Bonito Way, Suite 150 507 Thain Road
Phoenix, AZ 85048 Meridian, ID 83642 Lewiston, ID 83501
Scott Blasenak Jay Ellis Dominic Ponozzo
Account Manager Vice President Account Manager
(602) 300-4863 (208) 286-3030 (208) 791-3297
sblasenak@compunet.biz jellis@compunet.biz dponozzo@compunet.biz
Idaho Montana & Wyoming Montana
1710 Daffodil Place 801 W. Main St., Suite 2C & 2D 55 W. 14th St., Suite 202
Idaho Falls, ID 83404 Bozeman, MT 59715 Helena, MT 59601
Randy Elsethagen Adam Kopczuk Adam Kopczuk
Account Manager Account Manager Account Manager
(208) 221-2475 (406) 410-0730 (406) 410-0730
relsethagen@compunet.biz akopczuk@compunet.biz akopczuk@compunet.biz
Oregon & Northern California Utah & California & Nevada Western Washington
5400 Meadows Road, Suite 120 6985 S. Union Park Ctr., Suite
250
5400 Meadows Road, Suite
120
Lake Oswego, OR 97035 Cottonwood Heights, UT 84047 Lake Oswego, OR 97035
Mark DeMaine Shawn Heiden Colleen Tillman
Vice President Vice President Account Manager
(503) 214-4606 (801) 747-5052 (206) 200-5301
mdemaine@compunet.biz sheiden@compunet.biz ctillman@compunet.biz
Eastern Washington
1326 N. Whitman Lane
Liberty Lake, WA 99019
Dominic Casey
Account Manager
(208) 286-3047
dcasey@compunet.biz
 Define your standard terms of payment.
Net 30
 Who is your competition in the marketplace? CompuNet competes with other National and regional value-added
resellers (VAR’s) and IT consulting firms.

of 31
RFP # 22-16 July 11
th
, 2016
 What differentiates your company from competitors?
Our engineering-centric engagement model. Each customer works with a dedicated local team who understands their
business, their infrastructure, and their goals. This team takes ownership for the entire project lifecycle, from discovery and
design through deployment, training, and handoff. Our engineering-led culture means that our engineers make decisions
based on good engineering and design principles, not sales quotas. Decisions to bring in products and services to our
customers are made by experienced and certified engineers who listen to customer demand. It is not driven by sales people
or by manufacturer pressures. This autonomy of our engineers and our cultural respect for excellent engineering sets us
apart from many of our sales-led competitors. This innovative company structure makes for happy employees and happy
customers.
Our people. Our team consists of highly skilled IT architects and enterprise engineers with a long history designing IT
solutions that solve real-world business problems, and improve operational efficiency. Our Account Managers all have a
consistent thread of; experience with long-term relationship first mentalities and who do not carry sales quotas
Our track record. Because of our absolute commitment to helping customers achieve success, many of our engagements
become long-term relationships. We are proud that our customers across many industries see us as a trusted advisor. You
will hopefully hear this for yourself in communicating with the references we will provide in this response.
Our relationships. Our partnerships bring you a broad ecosystem of technologies and solutions that can meet your business
and technical requirements. Plus, we hold some of the industry’s most elite partner certifications.
Our approach. While we know perfection is tough to achieve, we always have it in our sights. Every day we work to design,
deliver, and support IT solutions that help our customers succeed, whether they need to cut costs, boost productivity, reach
new markets, or all of the above.
 Describe how your company will market this contract if awarded. CompuNet has an active; State, Local and Education
strategy with dedicated employees and resources with many long standing and new customers. We communicate to these
as well as prospective customers frequently with information about new technologies, services and buying vehicles. We also
hold exclusive public sector events to accomplish the same on a larger scale. We will also publish this information on our
website. Should we be awarded with the ability to be named to NCPA, CompuNet will proactively market to all of the above
with an email campaign, an official press release on our News feed on our Website and social media outlets as well as at all
in-person events over the coming months
 Describe how you intend to introduce NCPA to your company. CompuNet holds weekly all-staff meetings as well as
leadership meetings in which we will announce our partnership and then we will write up an official press-release of the
same and post to our internal communication hub.
 Describe your firm’s capabilities and functionality of your on-line catalog / ordering website. Our corporate website;
www.compunet.biz has a marketplace login for participating organizations to log in. This login exists today and will be
expanded if awarded the contract.
 Describe your company’s Customer Service Department (hours of operation, number of service centers, etc.)
Sales and Sales Support: Monday-Friday, 8:00AM-5:00PM Mountain Time
VEC (Virtual Engineering Center): 24x7x365 - Managed Services/Support

of 31
RFP # 22-16 July 11
th
, 2016
 Green Initiatives
 As our business grows, we want to make sure we minimize our impact on the Earth’s climate. We are taking every
step we can to implement innovative and responsible environmental practices throughout NCPA to reduce our
carbon footprint, reduce waste, energy conservation, ensure efficient computing and much more.
We have chosen partnerships with Cloud Service Providers and Data Centers that are located in “Energy Export
States’ to offer our customers green, LEED certified options. We practice best of breed virtualization practices to
enable our customers to reduce their IT footprint wherever possible. We also have developed a cloud consultancy,
encouraging our customers to further reduce their data center, and infrastructure footprints.
 Vendor Certifications (if applicable)
 Provide a copy of all current licenses, registrations and certifications issued by federal, state and local agencies, and
any other licenses, registrations or certifications from any other governmental entity with jurisdiction, allowing
respondent to perform the covered services including, but not limited to, licenses, registrations, or certifications.
Certifications can include M/WBE, HUB, and manufacturer certifications for sales and service
Yes, CompuNet, Inc. is a certified consulting partner of Amazon Web Services.
Certifications:
AWS GOVCLOUD AWS Public Sector AWS Architecture AWS SYSOPS
Programs:
Authorized Public Sector and Government Reseller, Amazon Marketplace Consulting Partner
http://www.aws-partner-directory.com/PartnerDirectory/PartnerDetail?Name=CompuNet

of 31
RFP # 22-16 July 11
th
, 2016
Tab 5 - Products and Services
Respondent shall perform and provide these products and/or services under the terms of this agreement. The supplier
shall assist the end user with making a determination of their individual needs.
The following is a list of suggested (but not limited to) categories. List all categories along with manufacturer that you
are responding with:
Product, Description (hyperlinked and also printed copies are included in AWS package) and Services Below:
Compute Storage & Content Delivery Database
Amazon EC2 Amazon S3 Amazon RDS
Amazon EC2 Container Registry Amazon CloudFront
AWS Database Migration
Service
Amazon EC2 Container Service Amazon EBS Amazon DynamoDB
AWS Elastic Beanstalk Amazon Elastic File System Amazon ElastiCache
AWS Lambda Amazon Glacier Amazon Redshift
Auto Scaling AWS Import/Export Snowball Amazon SimpleDB
Elastic Load Balancing AWS Storage Gateway
Amazon VPC
Networking Analytics Enterprise Applications
Amazon VPC Amazon EMR Amazon WorkSpaces
AWS Direct Connect AWS Data Pipeline Amazon WorkDocs
Elastic Load Balancing Amazon Elasticsearch Service Amazon WorkMail
Amazon Route 53 Amazon Kinesis
Amazon Machine Learning
Amazon Redshift
Amazon QuickSight
Internet of Things
AWS IoT

of 31
RFP # 22-16 July 11
th
, 2016
Mobile Services Developer Tools Management Tools
AWS Mobile Hub AWS CodeCommit Amazon CloudWatch
Amazon API Gateway AWS CodeDeploy AWS CloudFormation
Amazon Cognito AWS CodePipeline AWS CloudTrail
AWS Device Farm AWS Command Line Tool AWS Command Line Tool
Amazon Mobile Analytics AWS Config
AWS Mobile SDK AWS Management Console
Amazon SNS AWS OpsWorks
AWS Service Catalog
Amazon Trusted Advisor
Security and Identity Application Services Game Development
AWS Identity and Access
Management (IAM)
Amazon API Gateway Amazon Lumberyard
AWS Certificate Manager Amazon AppStream
AWS CloudHSM Amazon CloudSearch
AWS Directory Service Amazon Elastic Transcoder
Amazon Inspector Amazon FPS
AWS Key Management Service Amazon SES
AWS WAF Amazon SNS
AWS Security Token Service Amazon SQS
Amazon SWF
Software Government
AWS Marketplace AWS GOVCloud

This Amazon Web Services, Inc. (AWS) package is provided for informational purposes only. The services included
in this package are standard commercial services and due to the unique nature of the services, AWS’s standard
terms and conditions must govern any use of and access to AWS services and are available at
http://aws.amazon.com/agreement/. This package may include a set of suggested solutions for this opportunity that
are based on our limited information, and should not be construed as a binding offer from AWS. For current prices for
AWS services, please refer to the AWS website at www.aws.amazon.com.
Amazon Web Services Partner Package
for: National Cooperative Purchasing
Alliance (NCPA)
Request for Proposal (RFP) for Cloud
Collaboration and Storage Services
Solicitation Number: 22-16
July 11, 2016
Submitted By:
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109-5210
Cage Code: 66EB1
DUNS Number: 965048981
NAICS: 518210

AWS Partner Package
July 11, 2016 Page iii
AMAZON WEB SERVICES, INC. CONFIDENTIAL. THE INFORMATION IN THIS DOCUMENT MAY NOT BE
DISCLOSED WITHOUT THE PRIOR WRITTEN CONSENT OF AMAZON WEB SERVICES, INC.
Guidance on Service Name Usage
On first use, all service names must be written out completely. After that, you may abbreviate the service name, but
only in strict conformance with the abbreviated service names noted in parentheses in the table below. Exception:
The following service names must always include “Amazon” based on trademark rights and settlement agreements:
 Amazon AppStream  Amazon Kinesis
 Amazon Cognito  Amazon Machine Learning (Amazon ML)
 Amazon Glacier  Amazon Redshift
AWS CloudFormation Amazon FPS Account Management
Quick Start
AWS Service Health Dashboard
Amazon CloudFront (Cloudfront) Amazon FPS Advanced Quick Start Amazon Silk
AWS CloudHSM (CloudHSM) Amazon FPS Aggregated Payments
Quick Start
Amazon Simple Email Service
(Amazon SES)
Amazon CloudWatch (Cloudwatch) Amazon FPS Basic Quick Start Amazon Simple Notification Service
(Amazon SNS)
Amazon CloudSearch Amazon FPS Marketplace Quick Start Amazon Simple Pay
Amazon CloudWatch Amazon Fulfillment Web Service
(Amazon FWS)
Amazon Simple Queue Service
(Amazon SQS)
AWS Data Pipeline Amazon Glacier Amazon Simple Storage Service
(Amazon S3)
Amazon DevPay (Devpay) AWS GovCloud Amazon Simple Workflow Service
(Amazon SWF)
AWS Direct Connect AWS Identity and Access
Management
Amazon SimpleDB
Amazon DynamoDB (DynamoDB) AWS Import/Export AWS Storage Gateway
AWS Elastic Beanstalk (Elastic
Beanstalk)
AWS Management Console AWS Toolkit for Eclipse
Amazon Elastic Block Store (Amazon
EBS)
AWS Marketplace AWS Toolkit for Visual Studio
Amazon Elastic Compute Cloud
(Amazon EC2)
Amazon Mechanical Turk (Beta) AWS Tools for Windows
PowerShell
Elastic Load Balancing Molecular Modeling Amazon Virtual Private Cloud
(Amazon VPC)
Amazon Elastic MapReduce (Amazon
EMR)
AWS OpsWorks AWS VPN CloudHub
Amazon Elastic Transcoder Amazon Redshift AWS Public Data Sets
Amazon ElastiCache Amazon Relational Database Service
(Amazon RDS)
AWS SDK for .NET
Amazon Flexible Payments Service
(Amazon FPS)
Amazon Route 53 (Route 53) AWS Solution Providers Program
AWS Flow Framework AWS Security Token Service (AWS
STS)
AWS Toolkit for Eclipse

AWS Partner Package
July 11, 2016 Page 1
1.0 AWS Overview
Amazon has a long history of using a decentralized IT infrastructure. This has enabled
our development teams to access compute and storage resources on demand, and it
has increased overall productivity and agility. By 2005, Amazon had spent over a
decade and millions of dollars building and managing the large-scale, reliable, and
efficient IT infrastructure that powers one of the world’s largest online retail platforms.
Amazon launched Amazon Web Services, Inc. (AWS) so that other organizations could
benefit from Amazon’s experience and investment in running a large-scale, distributed,
transactional IT infrastructure. AWS has been operating since 2006 and now serves
more than one million active customers every month worldwide.
1.1 The Differences that Distinguish AWS
AWS is readily distinguished from other vendors in the traditional IT computing
landscape because it is:
 Flexible. AWS enables organizations to use the programming models, operating
systems, databases, and architectures with which they are already familiar. In
addition, this flexibility helps organizations mix and match architectures in order
to serve their diverse business needs.
 Cost effective. With AWS, organizations pay only for what they use, without up-
front costs or long-term commitments.
 Scalable and elastic. Organizations can quickly add and subtract AWS
resources to and from their applications in order to meet customer demand and
manage costs.
 Innovative. AWS launched 722 new services and features in 2015, and as of
June 1, we have released 368 new features and services in 2016. Our pace of
innovation is funded and sustained through our economies of scale and
commitment to delivering the products and services that matter most to our
customers. Our continual innovation ensures that customers maintain state-of-
the-art IT infrastructure without having to make recapitalization investments.
 Secure. In order to provide end-to-end security and end-to-end privacy, AWS
builds services in accordance with security best practices, provides the
appropriate security features in those services, and documents how to use those
features.
 Experienced. When using AWS, organizations can leverage AWS’s many years
of experience delivering large-scale, global infrastructure in a reliable, secure
fashion.
1.2 Business Benefits of AWS Cloud Services
There are additional business benefits that AWS Cloud services can help customers
realize. A few of these are listed here:
 Almost Zero Upfront Infrastructure Investment: If a customer wants to build a
large-scale system, it may cost a fortune to invest in real estate, physical

AWS Partner Package
security, hardware (racks, servers, routers, backup power supplies), hardware
management (power management, cooling), and operations personnel. Because
of the high upfront costs, the project would typically require several rounds of
management approvals before the project could even get started. With AWS’s
utility-style cloud computing, there is no fixed cost or startup cost.
 Just-In-Time Infrastructure: In the past, if an application became popular and a
business’ systems or infrastructure did not scale, it became a victim of its own
success. Conversely, if a developer invested heavily and did not get popular, it
became a victim of failure. By deploying applications in the AWS Cloud with just-
in-time self-provisioning, customers do not have to worry about pre-procuring
capacity for large-scale systems. AWS’s cloud increases agility, lowers risk, and
lowers operational cost, because customers can scale cloud resources as they
grow and only pay for what they use.
 More Efficient Resource Utilization: System administrators usually worry about
procuring hardware (when they run out of capacity) and higher infrastructure
utilization (when they have excess and idle capacity). With AWS, they can
manage resources more effectively and efficiently by having the applications
request and relinquish resources on-demand.
 Usage-Based Costing: With utility-style pricing, AWS customers are billed only
for the infrastructure that has been used. AWS customers do not pay for
allocated but unused infrastructure. This adds a new dimension to cost savings,
allowing customers to see immediate cost savings when they deploy an
optimization patch to update their cloud application. For example, if a caching
layer can reduce data requests by 70%, the savings begin to accrue immediately.
Moreover, if customers build platforms on the cloud, they can pass on the same
flexible, variable usage-based cost structure to their own customers.
 Reduced Time to Market: Parallelization is the one of the great ways to speed
up processing. If one compute-intensive or data-intensive job that can be run in
parallel takes 500 hours to process on one machine, with cloud architectures, it
would be possible to spawn and launch 500 instances and process the same job
in 1 hour. Having available an elastic infrastructure provides the application with
the ability to exploit parallelization in a cost-effective manner reducing time to
market.
1.3 Technical Benefits of AWS Cloud Services
Some of the key technical benefits of the AWS Cloud are:
 Automation – “Scriptable Infrastructure”: AWS customers can create
repeatable build and deployment systems by leveraging programmable
(Application Programming Interface [API]-driven) infrastructure.
 Auto Scaling: AWS customers can scale their applications up and down to
match unexpected demand without any human intervention. Auto Scaling
encourages automation and drives more efficiency.

AWS Partner Package
 Proactive Scaling: Customers can scale applications up and down to meet
anticipated demand with proper planning of traffic patterns so that costs remain
low while scaling.
 More Efficient Development Lifecycle: Production systems may be easily
cloned for use as development and test environments. Staging environments
may be easily promoted to production.
 Improved Testability: Never run out of hardware for testing. Inject and automate
testing at every stage during the development process. AWS customers can spin
up an “instant test lab” with pre-configured environments only for the duration of
the testing phase.
 Disaster Recovery and Business Continuity: The cloud provides a lower cost
option for maintaining a fleet of disaster recovery servers and data storage. With
the cloud, customers can take advantage of geo-distribution and replicate the
environment in other locations within minutes.
 Overflow Traffic to the Cloud: With a few clicks and effective load balancing
tactics, customers can create a complete overflow-proof application by routing
excess traffic to the cloud.
2.0 Analyst Reports
Gartner, Inc., a leading information technology research company, reported in its 2015
Magic Quadrant for Cloud Infrastructure as a Service (IaaS), Worldwide report that
“AWS is a thought leader; it is extraordinarily innovative, exceptionally agile, and very
responsive to the market. It has the richest array of IaaS features and PaaS-like
capabilities. It continues to rapidly expand its service offerings and offer higher-level
solutions.” The Gartner Magic Quadrant for May 2015 (Figure 1) depicts AWS in the
Leaders Quadrant.

AWS Partner Package
Figure 1 – 2015 Gartner Magic Quadrant for Cloud Infrastructure as a Service
Additionally, Gartner positions AWS in the Leaders Quadrant of the new Magic
Quadrant for Public Cloud Storage Services (Figure 2). Gartner defines leaders as
offering innovative storage offerings built on a hardened platform, with global data
centers and established credibility as a business.

AWS Partner Package
Figure 2 – 2015 Gartner Magic Quadrant for Public Cloud Storage Services
You can see more analyst reports at http://aws.amazon.com/resources/analyst-reports/.
3.0 Environmental Benefits of AWS
AWS is committed to running our business in the most environmentally friendly way
possible. In addition to the environmental benefits inherently associated with running
applications in the cloud, AWS has a long-term commitment to achieve 100%
renewable energy usage for our global infrastructure footprint.
We’ve made a lot of progress on this commitment. As of April 2015, approximately 25%
of the power consumed by our global infrastructure comes from renewable energy
sources1. We have a goal of increasing this to at least 40% by the end of 2016.
In June 2015, AWS announced that it has teamed with Community Energy, Inc. to
support the construction and operation of an 80 megawatt (MW) solar farm in Accomack
County, Virginia, called Amazon Solar Farm US East. This new solar farm is expected

AWS Partner Package
to start generating approximately 170,000 megawatt hours (MWh) of solar power
annually as early as October 2016.
The energy generated by Amazon Solar Farm US East and Amazon Wind Farm (Fowler
Ridge) will be delivered into the electrical grids that supply current and future AWS
cloud data centers.
3.1 Options for Customers Seeking to Run 100% Carbon-Neutral
Infrastructure
AWS introduced its first carbon-neutral region in 2011. Today, AWS offers customers
three AWS Regions that are carbon-neutral:
 US West (Oregon)
 EU (Frankfurt)
 AWS GovCloud (US)
3.2 The Greenest Power is That Which is Not Consumed
Any analysis on the climate impact of a data center should take into consideration
resource utilization and energy efficiency, in addition to power mix. Carbon emissions
are a factor of three things: the number of servers running, the total energy required to
power each server, and the carbon intensity of energy sources used to power these
servers. A June 2015 blog post by Jeff Barr outlines why using fewer servers and
powering them more efficiently is at least as important to reducing the carbon impact of
a company’s data center as its power mix.
A typical large-scale cloud provider achieves approximately 65% server utilization rates
versus 15% on-premises, which means when companies move to the cloud, they
typically provision fewer than one-quarter of the servers than they would on-
premises. In addition, a typical on-premises data center is 29% less efficient in their use
of power compared to a typical large-scale cloud provider that uses world-class facility
designs, cooling systems, and workload-optimized equipment. Adding these together
(fewer servers used plus more power efficient servers), customers only need 16% of the
power as compared to on-premises infrastructure. This represents an 84% reduction in
the amount of power required.
This massive improvement in energy efficiency drives a huge reduction in climate
impact because less energy consumed means fewer carbon emissions. The climate
impact improvements get even better when you factor in that the average corporate
data center has a dirtier power mix than the typical large-scale cloud provider. Large-
scale cloud providers (AWS included) use a power mix that is 28% less carbon intense
than the global average.
Combining the fraction of energy required with a less carbon-intense power mix,
customers can end up with a reduction in carbon emissions of 88% by moving to the
cloud and AWS.
For more information, please visit our AWS and Sustainability webpage.

AWS Partner Package
4.0 AWS Cloud Services
Using AWS, customers can requisition compute power, storage, and other services in
minutes and have the flexibility to choose the development platform or programming
model that makes the most sense for the problems they are trying to solve. Error!
Reference source not found. lists AWS’s Cloud services. Links are provided to the
service website where you can find all service documentation, pricing information,
FAQs, release notes, developer information and relevant case studies.
Table 1 – AWS Cloud Services and Links to Publicly Available Information
Link to AWS Cloud
Services
Information
Service Description Link to Documentation
Compute
Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2) is a
web service that provides resizable computing
capacity—literally, servers in Amazon's data
centers—that you use to build and host your
software systems.
http://aws.amazon.com/do
cumentation/ec2/
Amazon EC2
Container Service
Amazon EC2 Container Service (Amazon ECS) is a
highly scalable, high-performance container
management service that supports Docker
containers and allows you to easily run distributed
applications on a managed cluster of Amazon EC2
instances.
http://aws.amazon.com/ec
s/faqs/
Amazon EC2
Container Registry
Amazon EC2 Container Registry (Amazon ECR) is
a fully managed Docker container registry that
makes it easy for developers to store, manage, and
deploy Docker container images. Amazon ECR is
integrated with Amazon ECS, simplifying your
development-to-production workflow. Amazon ECR
eliminates the need to operate your own container
repositories or worry about scaling the underlying
infrastructure. Amazon ECR hosts your images in a
highly available and scalable architecture, allowing
you to reliably deploy containers for your
applications.
https://aws.amazon.com/d
ocumentation/ecr/
AWS Lambda
AWS Lambda is a compute service that runs your
code in response to events and automatically
manages the compute resources for you, making it
easy to build applications that respond quickly to
new information. AWS Lambda starts running your
code within milliseconds of an event such as an
image upload, in-app activity, website click, or
output from a connected device.
cumentation/lambda/
Auto Scaling
Auto Scaling is a web service designed to launch or
terminate Amazon EC2 instances automatically
based on user-defined policies, schedules, and
health checks.
cumentation/autoscaling/

AWS Partner Package
Link to AWS Cloud
Services
Information
AWS Elastic
Beanstalk
AWS Elastic Beanstalk is an easy-to-use service for
deploying and scaling web applications and
services developed with Java, .NET, PHP, Node.js,
Python, Ruby, Go, and Docker on familiar servers
such as Apache, Nginx, Passenger, and IIS.
Upload your code, and Elastic Beanstalk
automatically handles the deployment, from
capacity provisioning, load balancing, and auto
scaling to application health monitoring.
ocumentation/elastic-
beanstalk/
Elastic Load
Balancing
Elastic Load Balancing automatically distributes
your incoming application traffic across multiple
Amazon EC2 instances. It detects unhealthy
instances and reroutes traffic to healthy instances
until the unhealthy instances have been restored.
Elastic Load Balancing automatically scales its
request handling capacity in response to incoming
traffic.
cumentation/elasticloadbal
ancing/
Networking
Amazon VPC
Amazon Virtual Private Cloud (Amazon VPC)
enables you to launch AWS resources into a virtual
network that you've defined. This virtual network
closely resembles a traditional network that you'd
operate in your own data center, with the benefits of
using the scalable infrastructure of AWS.
cumentation/vpc/
AWS Direct Connect
AWS Direct Connect links your internal network to
an AWS Direct Connect location over a standard
1 GB or 10 GB Ethernet fiberoptic cable. One end
of the cable is connected to your router and the
other to an AWS Direct Connect router. With this
connection, you can create virtual interfaces directly
to the AWS Cloud and Amazon VPC, bypassing
Internet service providers in your network path.
cumentation/directconnect/
Amazon Route 53
Amazon Route 53 is a highly available and scalable
cloud Domain Name System (DNS) web service. It
is designed as an extremely reliable and cost-
effective way to route users to Internet applications
by translating site names into IP addresses.
Amazon Route 53 also connects user requests to
infrastructure running in AWS, such as Amazon
EC2 instances, Elastic Load Balancing load
balancers, or Amazon S3 buckets.
ocumentation/route53/
Storage and Content Delivery
Amazon S3 &
Amazon S3 IA
Amazon Simple Storage Service (Amazon S3) is
storage for the Internet. You can use Amazon S3 to
store and retrieve any amount of data, at any time,
from anywhere on the web. Amazon S3 offers a
range of storage classes designed for different use
cases: Amazon S3 Standard for general-purpose
storage of frequently accessed data, Amazon S3
Standard − Infrequent Access (Standard − IA) for
cumentation/s3/

AWS Partner Package
Link to AWS Cloud
Services
Information
long-lived, but less frequently accessed data, and
Amazon Glacier for long-term archive.
Amazon Glacier
Amazon Glacier is a storage service optimized for
infrequently used data, or “cold data.” The service
provides secure, durable, and extremely low-cost
storage for data archiving and backup. With
Amazon Glacier, you can store your data cost
effectively for months, years, or even decades.
Amazon Glacier enables you to offload the
administrative burdens of operating and scaling
storage to AWS, so you don't have to worry about
capacity planning, hardware provisioning, data
replication, hardware failure detection and recovery,
or time-consuming hardware migrations.
cumentation/glacier/
Amazon EBS
Amazon Elastic Block Store (Amazon EBS)
provides block-level storage volumes for use with
Amazon EC2 instances. Amazon EBS volumes are
highly available and reliable storage volumes that
can be attached to any running instance that is in
the same Availability Zone. Amazon EBS volumes
that are attached to an Amazon EC2 instance are
exposed as storage volumes that persist
independently from the life of the instance. With
Amazon EBS, you only pay for what you use.
http://docs.aws.amazon.co
m/AWSEC2/latest/UserGui
de/AmazonEBS.html
Amazon EFS
(Preview)
Amazon Elastic File System (Amazon EFS) is a file
storage service for Amazon EC2 instances.
Amazon EFS is easy to use and provides a simple
interface that allows you to create and configure file
systems quickly and easily. With Amazon EFS,
storage capacity is elastic, growing and shrinking
automatically as you add and remove files, so your
applications have the storage they need, when they
need it. Sign up for the preview here.
ocumentation/efs/
Amazon CloudFront
Amazon CloudFront is a content delivery web
service. It integrates with other AWS Cloud services
to give developers and businesses an easy way to
distribute content to end users with low latency,
high data transfer speeds, and no commitments.
cumentation/cloudfront/
AWS Import/Export
Snowball
AWS Import/Export Snowball accelerates
transferring large amounts of data between the
cloud and portable storage devices that you mail to
us. AWS transfers data directly onto and off of your
storage devices using Amazon’s high-speed
internal network. Your data load typically begins the
next business day after your storage device arrives
at AWS. After the data export or import completes,
we return your storage device. For large data sets,
AWS Import/Export is significantly faster than
Internet transfer and more cost effective than
upgrading your connectivity.
cumentation/importexport/

AWS Partner Package
July 11, 2016 Page 10
Link to AWS Cloud
Services
Information
AWS Storage
Gateway
AWS Storage Gateway is a service that connects
an on-premises software appliance with cloud-
based storage to provide seamless and secure
integration between your on-premises IT
environment and AWS's storage infrastructure.
cumentation/storagegatew
ay/
Databases
Amazon RDS
Amazon Relational Database Service (Amazon
RDS) is a web service that makes it easier to set
up, operate, and scale a relational database in the
cloud. It provides cost-efficient, resizable capacity
for an industry-standard relational database and
manages common database administration tasks.
Database engines available through Amazon RDS
include Amazon Aurora, MySQL, Oracle, Microsoft
SQL Server, PostgreSQL, and MariaDB.
cumentation/rds/
Amazon DynamoDB
Amazon DynamoDB is a fully managed NoSQL
database service that provides fast and predictable
performance with seamless scalability. You can use
Amazon DynamoDB to create a database table that
can store and retrieve any amount of data and
serve any level of request traffic. Amazon
DynamoDB automatically spreads the data and
traffic for the table over a sufficient number of
servers to handle the request capacity specified by
the customer and the amount of data stored, while
maintaining consistent and fast performance.
cumentation/dynamodb/
Amazon Redshift
Amazon Redshift is a fast, fully managed, petabyte-
scale data warehouse solution that makes it simple
and cost effective to efficiently analyze all your data
using your existing business intelligence tools. You
can start small for just $0.25 per hour with no
commitments or up-front costs and scale to a
petabyte or more for $1,000 per terabyte per year,
less than a tenth of most other data warehousing
solutions.
cumentation/redshift/
Amazon ElastiCache
Amazon ElastiCache is a web service that makes it
easy to set up, manage, and scale distributed, in-
memory cache environments in the cloud. It
provides a high-performance, resizable, and cost-
effective in-memory cache, while removing the
complexity associated with deploying and
managing a distributed cache environment.
cumentation/elasticache/
AWS Database
Migration Service
AWS Database Migration Service helps you
migrate databases to AWS easily and securely. The
source database remains fully operational during
the migration. You can migrate your data to and
from most widely used commercial and open-
source databases. The service supports
homogenous migrations such as Oracle to Oracle,
as well as heterogeneous migrations between
different database platforms, such as Oracle to
ocumentation/dms/

AWS Partner Package
July 11, 2016 Page 11
Link to AWS Cloud
Services
Information
Amazon Aurora or Microsoft SQL Server to MySQL.
Analytics
Amazon EMR
Amazon Elastic MapReduce (Amazon EMR) is a
web service that makes it easy to process large
amounts of data efficiently. Amazon EMR uses
Hadoop processing combined with several AWS
products to perform such tasks as web indexing,
data mining, log file analysis, machine learning,
scientific simulation, and data warehousing.
cumentation/elasticmapred
uce/
Amazon Kinesis
Amazon Kinesis is a managed service that scales
elastically for real-time processing of streaming big
data. The service takes in large streams of data
records that can then be consumed in real time by
multiple data processing applications that can be
run on Amazon EC2 instances. The data
processing applications use the Amazon Kinesis
Client Library and are called “Amazon Kinesis
applications.”
cumentation/kinesis/
AWS Data Pipeline
AWS Data Pipeline is a web service that helps you
reliably process and move data between different
AWS compute and storage services, as well as on-
premises data sources, at specified intervals. With
AWS Data Pipeline, you can regularly access your
data where it’s stored, transform and process it at
scale, and efficiently transfer the results to AWS
Cloud services such as Amazon S3, Amazon RDS,
Amazon DynamoDB, and Amazon EMR.
cumentation/data-pipeline/
Amazon Mobile
Analytics
Amazon Mobile Analytics is a service that lets you
easily collect, visualize, and understand application
usage data at scale. Many mobile application
analytics solutions deliver usage data several hours
after the events occur. Amazon Mobile Analytics is
designed to deliver usage reports within 60 minutes
of receiving data from an application so that you
can act on the data more quickly.
cumentation/mobileanalyti
cs/
AWS QuickSight
(Preview)
Amazon QuickSight is a very fast, cloud-powered
BI service that makes it easy to build visualizations,
perform ad-hoc analysis, and quickly get business
insights from data. Amazon QuickSight integrates
automatically with AWS data services. At one-tenth
the cost of traditional solutions, Amazon QuickSight
enables you to deliver rich BI functionality to
everyone in your organization.
Amazon Machine
Learning
Amazon Machine Learning makes it easy for
developers to build smart applications, including
applications for fraud detection, demand
forecasting, targeted marketing, and click
prediction. The powerful algorithms of Amazon
Machine Learning create Machine Learning (ML)
models by finding patterns in your existing data.
The service uses these models to process new
ocumentation/machine-
learning/

AWS Partner Package
July 11, 2016 Page 12
Link to AWS Cloud
Services
Information
data and generate predictions for your application.
Security & Identity
AWS Identity &
Access Management
AWS Identity and Access Management (IAM) is a
web service that enables AWS customers to
manage users and user permissions. The service is
targeted at organizations with multiple users or
systems that use AWS products such as Amazon
EC2, Amazon SimpleDB, and the AWS
Management Console. With AWS IAM, you can
centrally manage users, security credentials such
as access keys, and permissions that control which
AWS resources users can access.
cumentation/iam/
AWS Certificate
Manager
AWS Certificate Manager is a service that lets you
easily provision, manage, and deploy Secure
Sockets Layer/Transport Layer Security (SSL/TLS)
certificates for use with AWS Cloud services.
SSL/TLS certificates are used to secure network
communications and establish the identity of
websites over the Internet.
http://docs.aws.amazon.co
m/acm/latest/userguide/ac
m-overview.html
AWS CloudHSM
AWS CloudHSM provides secure cryptographic key
storage to customers by making Hardware Security
Modules (HSMs) available in the AWS Cloud.
cumentation/cloudhsm/
AWS Key
Management Service
AWS Key Management Service (KMS) is a
managed service that makes it easy for you to
create and control the encryption keys used to
encrypt your data. AWS KMS uses HSMs to protect
the security of your keys. AWS KMS is integrated
with other AWS Cloud services, including Amazon
EBS, Amazon S3, and Amazon Redshift. AWS
KMS is also integrated with AWS CloudTrail to
provide you with logs of all key usage.
cumentation/kms/
AWS Directory
Service
AWS Directory Service is a managed service that
allows you to connect your AWS resources with an
existing on-premises Microsoft Active Directory or
to set up a new, standalone directory in the AWS
Cloud. Connecting to an on-premises directory is
easy, and when this connection is established, all
users can access AWS resources and applications
with their existing corporate credentials.
cumentation/directory-
service/
Amazon Inspector
Amazon Inspector is an automated security
assessment service that helps improve the security
and compliance of applications deployed on AWS.
Amazon Inspector automatically assesses
applications for vulnerabilities or deviations from
best practices. After performing an assessment,
Amazon Inspector produces a detailed list of
security findings prioritized by level of severity.
ocumentation/inspector/
AWS WAF
AWS Web Application Firewall (WAF) is a web
application firewall that helps protect your
web applications from common web exploits that
could affect application availability, compromise
ocumentation/waf/

AWS Partner Package
July 11, 2016 Page 13
Link to AWS Cloud
Services
Information
security, or consume excessive resources. Also,
AWS WAF includes a full-featured Application
Programming Interface (API) that you can use to
automate the creation, deployment, and
maintenance of web security rules.
Management Tools
Amazon CloudWatch
Amazon CloudWatch is a web service that enables
you to collect, view, and analyze metrics. Amazon
CloudWatch lets you programmatically retrieve your
monitoring data, view graphs, and set alarms to
help you troubleshoot, spot trends, and take
automated action based on the state of your cloud
environment.
cumentation/cloudwatch/
AWS CloudTrail
With AWS CloudTrail, you can get a history of AWS
API calls for your account, including API calls made
via the AWS Management Console, the AWS
Software Development Kits (SDKs), the command
line tools, and higher-level AWS Cloud services.
You can also identify which users and accounts
called AWS APIs for services that support AWS
CloudTrail, the source IP address the calls were
made from, and when the calls occurred. You can
integrate AWS CloudTrail into applications using
the API, automate trail creation for your
organization, check the status of your trails, and
control how administrators turn AWS CloudTrail
logging on and off.
cumentation/cloudtrail/
AWS Config
AWS Config is a fully managed service that
provides you with an AWS resource inventory,
configuration history, and configuration change
notifications to enable security and governance.
With AWS Config you can discover existing AWS
resources, export a complete inventory of your
AWS resources with all configuration details, and
determine how a resource was configured at any
point in time. These capabilities enable compliance
auditing, security analysis, resource change
tracking, and troubleshooting.
cumentation/config/
AWS Service
Catalog
AWS Service Catalog is a service that allows
administrators to create and manage approved
catalogs of resources that end users can then
access via a personalized portal. You can control
which users have access to which applications or
AWS resources to enable compliance with your
business policies, while users can easily browse
and launch products from the catalogs you create.
http://aws.amazon.com/ser
vicecatalog/
Development, Deployment, & Management
AWS Management
Console
Access and manage Amazon cloud services
through a simple and intuitive web-based user
interface. You can also use the AWS Console
http://aws.amazon.com/co
nsole/faqs/

AWS Partner Package
July 11, 2016 Page 14
Link to AWS Cloud
Services
Information
mobile app to quickly view resources on the go.
AWS Command Line
Interface
The AWS Command Line Interface (CLI) is a
unified tool used to manage your AWS Cloud
services. With just one tool to download and
configure, you can control multiple AWS Cloud
services from the command line and automate
them through scripts.
cumentation/cli/
APIs
AWS provides APIs for cloud computing services,
with multiple interfaces to those services,
including SDKs, Integrated Development
environment (IDE) Toolkits, and CLI Tools for
developing and managing AWS resources.
https://aws.amazon.com/to
ols/
AWS
CloudFormation
AWS CloudFormation gives developers and system
administrators an easy way to create and manage a
collection of related AWS resources, provisioning
and updating them in an orderly and predictable
fashion. You can use the sample templates for
AWS CloudFormation or create your own templates
to describe the AWS resources, and any associated
dependencies or runtime parameters, required to
run your application.
cumentation/cloudformatio
n/
AWS CodeDeploy
AWS CodeDeploy is a service that automates code
deployments to Amazon EC2 instances. AWS
CodeDeploy makes it easier for you to rapidly
release new features, helps you avoid downtime
during deployment, and handles the complexity of
updating your applications. You can use AWS
CodeDeploy to automate deployments, eliminating
the need for error-prone manual operations, and
the service scales with your infrastructure so you
can easily deploy to one Amazon EC2 instance or
thousands.
cumentation/codedeploy/
AWS CodeCommit
AWS CodeCommit is a secure, highly scalable,
managed source control service that hosts private
Git repositories. AWS CodeCommit eliminates the
need for you to operate your own source control
system or worry about scaling its infrastructure. You
can use AWS CodeCommit to store anything from
code to binaries, and it supports the standard
functionality of Git, allowing it to work seamlessly
with your existing Git-based tools.
decommit/
AWS CodePipeline
AWS CodePipeline is a continuous delivery and
release automation service that aids smooth
deployments. You can design your development
workflow for checking in code, building the code,
deploying your application into staging, testing it,
and releasing it to production. You can integrate
third-party tools into any step of your release
process or you can use AWS CodePipeline as an
end-to-end solution.
depipeline/
AWS OpsWorks AWS OpsWorks provides a simple and flexible way
to create and manage stacks and applications. With
cumentation/opsworks/

AWS Partner Package
July 11, 2016 Page 15
Link to AWS Cloud
Services
Information
AWS OpsWorks, you can provision AWS
resources, manage their configuration, deploy
applications to those resources, and monitor their
health.
Enterprise Applications
Amazon WorkDocs
Amazon WorkDocs is a fully managed, secure
enterprise storage and sharing service with strong
administrative controls and feedback capabilities to
help improve user productivity. Users can comment
on files, send them to others for feedback, and
upload new versions without having to resort to
emailing multiple versions of their files as
attachments.
cumentation/workdocs/
Amazon Workspaces
Amazon WorkSpaces allows customers to easily
provision cloud-based desktops that allow users to
access the documents, applications, and resources
they need with the device of their choice, including
laptops, iPad, Kindle Fire, or Android tablets. With a
few clicks in the AWS Management Console,
customers can provision a high-quality cloud
desktop experience for any number of users at a
highly competitive cost that is half the cost of most
Virtual Desktop Infrastructure (VDI) solutions.
cumentation/workspaces/
Amazon WorkMail
Amazon WorkMail is a secure, managed business
email and calendar service with support for existing
desktop and mobile email clients. Amazon
WorkMail gives users the ability to seamlessly
access their email, contacts, and calendars using
Microsoft Outlook, their web browser, or their native
iOS and Android email applications.
ocumentation/workmail/
Application Services
Amazon AppStream
The Amazon AppStream web service deploys your
application on AWS infrastructure and streams
input and output between your application and
devices such as personal computers, tablets, and
mobile phones. Your application's processing
occurs in the cloud, so it can scale to handle vast
computational loads. Devices need only display
output and return user input, so the client
application on the device can be lightweight in
terms of file size and processing requirements.
cumentation/appstream/
Amazon
CloudSearch
Amazon CloudSearch is a fully managed service in
the cloud that makes it easy to set up, manage, and
scale a search solution for your website. Amazon
CloudSearch enables you to search large
collections of data such as web pages, document
files, forum posts, or product information. With
Amazon CloudSearch, you can quickly add search
capabilities to your website without having to
cumentation/cloudsearch/

AWS Partner Package
July 11, 2016 Page 16
Link to AWS Cloud
Services
Information
become a search expert or worry about hardware
provisioning, setup, and maintenance. As your
volume of data and traffic fluctuates, Amazon
CloudSearch automatically scales to meet your
needs.
Amazon SWF
Amazon Simple Workflow Service (Amazon SWF)
makes it easy to build applications that coordinate
work across distributed components. In Amazon
SWF, a task represents a logical unit of work that is
performed by a component of your application.
Coordinating tasks across the application involves
managing intertask dependencies, scheduling, and
concurrency in accordance with the logical flow of
the application. Amazon SWF gives you full control
over implementing tasks and coordinating them
without worrying about underlying complexities
such as tracking their progress and maintaining
their state.
cumentation/swf/
Amazon SQS
Amazon Simple Queue Service (Amazon SQS) is a
messaging queue service that handles messages
or workflows between other components in a
system.
cumentation/sqs/
Amazon SES
Amazon Simple Email Service (Amazon SES) is an
outbound-only email-sending service that provides
an easy, cost-effective way for you to send email.
cumentation/ses/
Amazon SNS
Amazon Simple Notification Service (Amazon SNS)
is a web service that enables applications, end
users, and devices to instantly send and receive
notifications from the cloud.
cumentation/sns/
Amazon Elastic
Transcoder
Amazon Elastic Transcoder lets you convert media
files that you have stored in Amazon S3 into media
files in the formats required by consumer playback
devices. For example, you can convert large, high-
quality digital media files into formats that users can
play back on mobile devices, tablets, web
browsers, and connected televisions.
cumentation/elastictransco
der/
Amazon FPS
Amazon Flexible Payments Service (Amazon FPS)
facilitates the digital transfer of money between any
two entities (humans or computers).
https://payments.amazon.c
om/developer
Mobile Services
Amazon Cognito
Amazon Cognito is a simple user identity and data
synchronization service that helps you securely
manage and synchronize application data for your
users across their mobile devices. You can create
unique identities for your users through a number of
public login providers (Amazon, Facebook, and
Google) and also support unauthenticated guests.
gnito/dev-resources/
AWS Mobile Hub
AWS Mobile Hub lets you easily add and configure
features for your mobile apps, including user
authentication, data storage, back-end logic, push
ocumentation/mobile-hub/

AWS Partner Package
July 11, 2016 Page 17
Link to AWS Cloud
Services
Information
notifications, content delivery, and analytics. AWS
Mobile Hub gives you easy access to testing on
real devices, as well as analytics dashboards to
track app usage, all from a single, integrated
console.
AWS Device Farm
Improve the quality of your iOS, Android, and web
applications by testing against real phones and
tablets in the AWS Cloud. AWS Device Farm is an
app testing service that enables you to test your
iOS, Android, and Fire OS apps on real, physical
phones and tablets that are hosted by AWS. The
service allows you to upload your own tests or use
built-in, script-free compatibility tests.
ocumentation/devicefarm/
Amazon Mobile
Analytics
With Amazon Mobile Analytics, you can measure
app usage and app revenue. By tracking key trends
such as new vs. returning users, app revenue, user
retention, and custom in-app behavior events, you
can make data-driven decisions to increase
engagement and monetization for your app. You
can view key charts in the Mobile Analytics console
and automatically export your app event data to
Amazon S3 and Amazon Redshift to run custom
analysis.
ocumentation/mobileanalyt
ics/
Internet of Things
AWS IoT
AWS IoT is a platform that enables you to connect
devices to AWS Cloud services and other devices,
secure data and interactions, process and act upon
device data, and enable applications to interact with
devices even when they are offline.
ocumentation/iot/
AWS Support
AWS Support
AWS Support is a one-on-one, fast-response
support channel that is staffed 24x7x365 with
experienced technical support engineers to help
customers of all sizes and technical abilities
successfully use the products and features
provided by AWS.
ocumentation/aws-support/
AWS Trusted Advisor
AWS Trusted Advisor acts like your customized
cloud expert, and it helps you provision your
resources by following best practices. AWS Trusted
Advisor inspects your AWS environment and finds
opportunities to save money, improve system
performance and reliability, or help close security
gaps.
https://aws.amazon.com/pr
emiumsupport/faqs/
AWS Marketplace
AWS Marketplace
AWS Marketplace is an online store that helps
customers find, buy, and immediately start using
the software and services they need to build
products and run their businesses.
https://aws.amazon.com/m
arketplace/help/

AWS Partner Package
July 11, 2016 Page 18
5.0 AWS Regions and Availability Zones
The AWS cloud infrastructure is built around regions and Availability Zones. A region is
a physical location in the world where we have multiple Availability Zones. Availability
Zones consist of one or more discrete data centers, each with redundant power,
networking, and connectivity and housed in separate facilities. These Availability Zones
offer you the ability to operate production applications and databases that are more
highly available, fault tolerant, and scalable than would be possible from a single data
center. AWS currently has 13 regions and 35 Availability Zones throughout the world:
US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS
GovCloud (US) (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia
Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), Asia Pacific (Mumbai),
South America (Sao Paulo), and China (Beijing). Information on each region can be
found at the AWS Global Infrastructure webpage. Error! Reference source not found.
depicts the current AWS regions and Availability Zones, along with 4 new regions and 9
Availability Zones that are coming online in 2016.
The AWS products and services that are available in each region are listed at the
Region Table webpage.
Figure 3 – Global Map of AWS Regions and Availability Zones

AWS Partner Package
July 11, 2016 Page 19
How reliable is an application
hosted by AWS?
In 2014, Nucleus Research
surveyed 198 AWS customers
that reported moving existing
workloads from on-premises to
AWS and found that they were
able to reduce unplanned
downtime by 32% (see Availability
and Reliability in the Cloud:
Amazon Web Services).
Figure 4 illustrates the relationship between regions and Availability Zones.
Figure 4 – Regions and Availability Zones
6.0 Availability and Reliability
AWS takes extensive precautions to help ensure that we will remain fully operational,
with no loss of service for our hosted applications. AWS replicates critical system
components across multiple Availability Zones to ensure high availability both under
normal circumstances and during disasters such as fires, tornadoes, or floods.
Availability Zones consist of one or more discrete data centers, each with redundant
power, networking, and connectivity and housed in separate facilities. Each AWS
Availability Zone runs on its own independent infrastructure, engineered to be highly
reliable so that even extreme disasters or weather events should only affect a single
Availability Zone. The data centers’ electrical power systems are designed to be fully
redundant and maintainable without impact to operations. Common points of failure,
such as generators, UPS units, and air conditioning, are not shared across Availability
Zones.
At AWS, we plan for failure by maintaining
contingency plans and regularly rehearsing our
responses. In the words of Werner Vogels,
Amazon’s CTO: “Everything fails, all the time.”
We regularly perform preventative maintenance
on our generators and UPS units to ensure that
equipment is ready when needed. We also
maintain a series of incident response plans
covering both common and uncommon events,
and update them regularly to incorporate lessons
learned and prepare for emerging threats. In the
days leading up to a known event such as a
hurricane, we make preparations such as
increasing fuel supplies, updating staffing plans,
and adding provisions like food and water to ensure the safety of the support teams.

AWS Partner Package
July 11, 2016 Page 20
Once it is clear that a storm will impact a specific region, the response plan is executed
and we post updates to the Service Health Dashboard throughout the event.
Note that AWS far exceeds the Uptime Institute Tiering certification. Tiering aspects do
not take into consideration the nature of the services of the cloud environment, and
although the uptime institution tiering can be a great guide, it ultimately does not
accurately map to a cloud service provider organization. AWS does not have a Certified
Uptime Tiering level; however, we operate a data center environment using N+1
architecture. AWS offers SLAs for services such as Amazon EC2 and Amazon EBS at
99.95%, and Amazon S3 with an SLA of 99.9%. Our generator backup capabilities are
detailed in our Service Organization Control (SOC) Reports (as is our discussion
regarding business continuity planning and N+1 architecture).
6.1 Example: Hurricane Sandy
As an example of AWS availability and reliability, during Hurricane Sandy—the second-
costliest hurricane in United States history— AWS remained online throughout the
entire storm. An extensive Hurricane Sandy Response Plan, including 24/7 staffing by
all service teams, escalation plans and continuous status updates, assured normal
operations and service quality for our customers.
In the aftermath of the storm, some companies established operations in the AWS
Cloud to replace datacenters lost to flooding and power outages. One such example is
NYU’s Langone Medical Center. As noted in the article Still Recovering from Sandy,
“…NYU researchers [were] able to push forward with their sequencing experiments.
They were able to salvage 200 terabytes of backup sequencing data, and have set up
temporary data storage in a New Jersey facility, using computing power from the NYU
Center for Genomics and Systems Biology and the Amazon cloud.”
What’s even more interesting is that AWS provided a unique capability for our
customers to prepare for worst case scenarios by copying and replicating their data to
other AWS regions proactively. Although ultimately this was not necessary, since US
East (Northern Virginia) stayed up without any issues, our customers had peace of mind
that they would be able to continue their business as usual even if it did fail. One
example is the Obama 2012 Campaign: in a nine-hour period, they proactively
replicated their entire environment from the US East (Northern Virginia) to the US West
(Northern California) region, providing cross-continent fault tolerance on demand. The
Obama campaign was able to copy over 27 terabytes of data from East to West in less
than four hours (watch the video, Continuous Integration and Deployment Best
Practices on AWS, to learn more). Leo Zhadanovsky, a DevOps engineer for the
Obama Campaign & Democratic National Committee, who now works for AWS
commented that “AWS’s scalable, on-demand capacity allowed Obama for America to
quickly spin up a disaster-recovery copy of their infrastructure in another region in a
matter of hours—something that would normally take weeks, or months in on premise
environment.”

AWS Partner Package
July 11, 2016 Page 21
6.2 Architecting for Availability
While AWS goes to great lengths to provide availability of the cloud, our customers
share responsibility for ensuring availability within the cloud. These customers and
others like them have succeeded because they designed for failure and have adopted
best practices for high availability, such as taking advantage of multiple Availability
Zones and configuring Auto Scaling groups to replace unhealthy instances. The
Building Fault-Tolerant Applications on AWS whitepaper is a great introduction to
achieving high availability in the cloud. In addition, the AWS Well-Architected
Framework codifies the experiences of thousands of customers, helping customers
assess and improve their cloud-based architectures and mitigate disruptions.
AWS customers can rest assured that our services and Availability Zones provide the
most solid foundation upon which to build a reliable application. Together, we can build
a highly available and resilient application in the cloud.
Please refer to the sample fault tolerant architecture diagram in Figure 5.

AWS Partner Package
July 10, 2016 Page 22
AMAZON WEB SERVICES, INC. CONFIDENTIAL. THE INFORMATION IN THIS DOCUMENT MAY NOT BE DISCLOSED WITHOUT THE PRIOR WRITTEN
CONSENT OF AMAZON WEB SERVICES, INC.
Figure 5 – Fault Tolerant Sample AWS Architecture

AWS Partner Package
July 11, 2016 Page 23
7.0 Scalability and Elasticity
In a traditional IT environment scalability and elasticity is often equated with investment
and infrastructure. In the cloud, scalability and elasticity provide an opportunity for
savings and improved ROI. AWS uses the term “elastic” to describe the ability to scale
computing resources up and down easily, with minimal friction. Elasticity helps you
avoid provisioning resources up front for projects with variable consumption rates or
short lifetimes. Instead of acquiring hardware, setting it up, and maintaining it in order to
allocate resources to your applications, you use AWS to allocate resources using simple
API calls.
Imagine what would happen to a traditional IT shop if traffic to an application doubled or
tripled in a short period. Customers need to be confident that existing infrastructure can
handle a spike in traffic, and that the spike will not interfere with normal business
operations. Elastic Load Balancing and Auto Scaling can automatically scale your AWS
cloud-based resources up to meet unexpected demand, and then scale those resources
down as demand decreases.
7.1 Auto Scaling
Auto Scaling allows customers to automatically scale their Amazon EC2 capacity up or
down according to conditions that they define. Auto Scaling is well suited for
applications that experience hourly, daily, or weekly variability in usage. Customers can
automatically scale their Amazon EC2 fleet or maintain their Amazon EC2 fleet at a set
size.
Auto Scaling enables customers to closely follow the demand curve for their
applications, reducing the need to provision Amazon EC2 capacity in advance. For
example, customers can set a condition to add new Amazon EC2 instances in
increments of three instances to the Auto Scaling Group when the average CPU
utilization of the Amazon EC2 fleet goes above 70%; and similarly, customers can set a
condition to remove Amazon EC2 instances in the same increments when CPU
utilization falls below 10%.
Often, customers may want more time before Auto Scaling adds or removes more
Amazon EC2 instances. Customers can configure a cooldown period for their Auto
Scaling Group, which tells Auto Scaling to wait for some time after taking an action
before it evaluates the conditions again. Auto Scaling enables customers to run their
Amazon EC2 fleet at optimal utilization.
7.2 Elastic Load Balancing
Elastic Load Balancing automatically distributes incoming application traffic across
multiple Amazon EC2 instances. It enables customers to achieve even greater fault
tolerance in their applications, seamlessly providing the amount of load balancing
capacity needed in response to incoming application traffic. Elastic Load Balancing
detects unhealthy instances and automatically reroutes traffic to healthy instances until
the unhealthy instances have been restored. Customers can enable Elastic Load

AWS Partner Package
July 11, 2016 Page 24
Balancing within a single Availability Zone or across multiple zones for even more
consistent application performance.
7.2.1 Amazon CloudWatch
Amazon CloudWatch is a monitoring service for AWS cloud resources and the
applications that customers run on AWS. Customers can use Amazon CloudWatch to
collect and track metrics, collect and monitor log files, and set alarms. Amazon
CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon
DynamoDB tables, and Amazon RDS database instances, as well as custom metrics
generated by applications and services and any log files your applications generate.
Customers can use Amazon CloudWatch to gain system-wide visibility into resource
utilization, application performance, and operational health, using these insights to react
and keep application running smoothly.
Amazon CloudWatch's metrics and alarms can work together with Auto Scaling and
ELB to dynamically deploy new instances on-demand, as depicted in Figure 6.
Figure 6 – Auto Scaling with Elastic Load Balancing and Amazon CloudWatch
8.0 Security
The AWS virtual infrastructure has been designed to provide optimum availability while
ensuring complete customer privacy and segregation. AWS’s highly secure data centers
utilize state-of-the-art electronic surveillance and multi-factor access control systems.
Environmental systems are designed to minimize the impact of disruptions to
operations, and multiple geographic regions and Availability Zones allow customers to
remain resilient in the face of most failure modes, including natural disasters or system
failures.

AWS Partner Package
July 11, 2016 Page 25
8.1 Data Center Security and Access
AWS does not disclose the exact location of data centers and does not allow data
center access to customers as this exposes a wide range of customers to physical
access of a third party. Instead of allowing customers to perform physical audits, AWS
has an independent third party perform audits of its data centers. These audits are
conducted in accordance with FedRAMP, the American Institute of Certified Public
Accountants (AICPA): AT 801 (formerly Statement on Standards for Attestation
Engagements [SSAE] 16), and the International Standards for Assurance Engagements
No.3402 (ISAE 3402) professional standards. The auditors produce a Service
Organization Controls 1 (SOC 1), Type 2 report in connection with the audit.
Independent reviews of data center physical security are also part of an ISO 27001
audit, a Payment Card Industry (PCI) Data Security Standard (DSS) assessment, and
an International Traffic in Arms Regulations (ITAR) audit.
Physical and Environmental Security: AWS’s data centers are state of the art, using
innovative architectural and engineering approaches. AWS has many years of
experience in designing, constructing, and operating large-scale data centers. This
experience has been applied to the AWS platform and infrastructure. AWS data centers
are housed in nondescript facilities. Physical access is strictly controlled both at the
perimeter and at building ingress points by professional security staff utilizing video
surveillance, intrusion detection systems, and other electronic means. Authorized staff
must pass two-factor authentication a minimum of two times to access data center
floors. All visitors and contractors are required to present identification and are signed in
and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors
who have a legitimate business need for such privileges. When an employee no longer
has a business need for these privileges, his or her access is immediately revoked,
even if they continue to be an employee of Amazon or Amazon Web Services. All
physical access to data centers by AWS employees is logged and audited routinely.
Fire Detection and Suppression: Automatic fire detection and suppression equipment
has been installed to reduce risk. The fire detection system utilizes smoke detection
sensors in all data center environments, mechanical and electrical infrastructure
spaces, chiller rooms and generator equipment rooms. These areas are protected by
either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
Power: The data center electrical power systems are designed to be fully redundant
and maintainable without impact to operations, 24 hours a day, and seven days a week.
Uninterruptible Power Supply (UPS) units provide back-up power in the event of an
electrical failure for critical and essential loads in the facility. Data centers use
generators to provide back-up power for the entire facility.
Climate and Temperature: Climate control is required to maintain a constant operating
temperature for servers and other hardware, which prevents overheating and reduces
the possibility of service outages. Data centers are conditioned to maintain atmospheric

AWS Partner Package
July 11, 2016 Page 26
conditions at optimal levels. Personnel and systems monitor and control temperature
and humidity at appropriate levels.
Management: AWS monitors electrical, mechanical, and life support systems and
equipment so that any issues are immediately identified. Preventative maintenance is
performed to maintain the continued operability of equipment.
Storage Device Decommissioning: When a storage device has reached the end of its
useful life, AWS procedures include a decommissioning process that is designed to
prevent customer data from being exposed to unauthorized individuals.
AWS will provide the SOC 1 report to customers under NDA. The AWS Security Center
provides up-to-date information on AWS audits by independent third-party auditors.
8.2 Built-in Security Features
Not only are applications and data protected by highly secure facilities and
infrastructure, they are also protected by extensive network and security monitoring
systems. These systems provide basic but important security measures such as
Distributed Denial of Service (DDoS) protection and password brute-force detection on
AWS Accounts. Additional security measures include:
 Secure Access: Customer access points, also called API endpoints, allow
secure HTTP access (HTTPS) so that customers can establish secure
communication sessions with their AWS cloud services using Secure Socket
Layer (SSL)/Transport Layer Security (TSL).
 Built-in Firewall: Customers can control how accessible their instances are by
configuring built-in firewall rules—from totally public to completely private, or
somewhere in between. And when instances reside within an Amazon Virtual
Private Cloud (Amazon VPC) subnet, customers can control egress as well as
ingress.
 Unique Users: The AWS Identity and Access Management (IAM) tool allows
AWS customers to control the level of access their own users have to AWS
infrastructure services. With AWS IAM, each user can have unique security
credentials, eliminating the need for shared passwords or keys and allowing the
security best practices of role separation and least privilege.
 Multi-Factor Authentication (MFA): AWS provides built-in support for MFA for
use with AWS accounts as well as individual IAM user accounts.
 Private Subnets: The Amazon VPC service allows customers to add another
layer of network security to instances by creating private subnets and even
adding an Internet Protocol Security (IPsec) Virtual Private Network (VPN) tunnel
between a home network and Amazon VPC.
 Encrypted Data Storage: Customers can have the data and objects they store
in Amazon EBS, Amazon S3, Amazon Glacier, Amazon Redshift, and Amazon
RDS on Oracle and SQL Server encrypted automatically using Advanced

AWS Partner Package
July 11, 2016 Page 27
Encryption Standard (AES) 256, a secure symmetric-key encryption standard
using 256-bit encryption keys.
 Dedicated Connection Option: The AWS Direct Connect service allows
customers to establish a dedicated network connection from their premises to
AWS. Using industry-standard 802.1q VLANs, this dedicated connection can be
partitioned into multiple logical connections to enable access to both public and
private IP environments within the AWS cloud.
 Isolated GovCloud: For customers who require additional measures in order to
comply with US ITAR regulations, AWS offers an entirely separate region called
AWS GovCloud (US). This isolated region provides an environment where
customers can run ITAR-compliant applications and provides special endpoints
that utilize only Federal Information Processing Standard (FIPS) 140-2
encryption.
 Dedicated, Hardware-Based Crypto Key Storage Option: For customers who
must use Hardware Security Module (HSM) appliances for cryptographic key
storage, AWS CloudHSM provides a highly secure and convenient way to store
and manage keys.
 Centralized Key Management: For customers who use encryption extensively
and require strict control of their keys, the AWS Key Management
Service provides a convenient management option for creating and administering
the keys used to encrypt data at rest.
 AWS Trusted Advisor: Provided automatically when AWS customers sign up
for premium support, the AWS Trusted Advisor service is a convenient way for
customers to see where they could use a little more security. It monitors AWS
resources and alerts customers to security configuration gaps such as overly
permissive access to certain Amazon EC2 instance ports and Amazon S3
storage buckets, minimal use of role segregation using AWS IAM, and weak
password policies.
 Amazon CloudWatch: Amazon CloudWatch enables customers to collect and
track metrics, collect and monitor log files, and set alarms. Amazon CloudWatch
can monitor AWS resources such as Amazon EC2 instances, Amazon
DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics
generated by a customer’s applications and services, and any log files their
applications generate. Customers can use Amazon CloudWatch to gain system-
wide visibility into resource utilization, application performance, and operational
health, using these insights to react and keep applications running smoothly.
 Perfect Forward Secrecy: For even greater communication privacy, several
AWS cloud services such as Elastic Load Balancing and Amazon
CloudFront offer newer, stronger cipher suites. These cipher suites allow
SSL/TLS clients to use Perfect Forward Secrecy, a technique that uses session
keys that are ephemeral and not stored anywhere. This prevents the decoding of
captured data, even if the secret long-term key itself is compromised.
 Security Logs: AWS CloudTrail provides logs of all user activity within an AWS
account. Please see the Logs and Auditing section later in this document for
more information.

Compu net response

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Compu net response

Ähnlich wie Compu net response (20)

Mehr von ~Eric Principe

Mehr von ~Eric Principe (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Compu net response