AWS Gov Cloud Summit II AWS GovCloud (US) CJ Moses Deputy Chief Information Security Officer

Post on 29-Mar-2018

Fault Separation and Geographic Diversity

[Figure: conceptual map of AWS Regions and their Availability Zones. Labels: Amazon CloudWatch; EU Region (IRE); US East Region (N. VA); APAC Region (Tokyo); US West Region (N. CA); APAC Region (Singapore). Regions are drawn with Availability Zones A and B, some also with C.]

Note: Conceptual drawing only. The number of Availability Zones may vary

BUT:

• Data has to stay in CONUS

• Must meet Federal standards for security and privacy controls

• US Persons only access

• Data Isolation, Network Isolation, Machine Isolation

a new region…

AWS GovCloud (US)

AWS GovCloud (US): A New Region

6 AWS Regions: US East (Northern Virginia) / US West (Northern California) / GovCloud (US) (West Coast) / Europe (Dublin) / Asia Pacific (Singapore) / Asia Pacific (Tokyo)

19 AWS CloudFront Locations: Ashburn, VA / Dallas, TX / Jacksonville, FL / Los Angeles, CA / Miami, FL / Newark, NJ / New York, NY / Palo Alto, CA / Seattle, WA / St. Louis, MO / Amsterdam / Dublin / Frankfurt / London / Hong Kong / Paris / Stockholm / Tokyo / Singapore

Targeted to US Government Customers

• US governmental entity or supporting company

• FISMA Moderate Compliant Controls

• US Persons-Only access (Physical & Logical)

AWS will screen direct customers prior to providing access to the AWS GovCloud (US). Direct customers must be: U.S. Persons; not subject to export restrictions; and comply with U.S. export control laws and regulations, including the International Traffic In Arms Regulations.

• Data Isolation (Service & IAM Controls)

• Network Isolation (VPC required, FIPS 140-2 Compliant endpoints)

• Machine Isolation (Dedicated instances optional)

Amazon VPC Architecture

[Figure: Customer’s Network connected to the Amazon Web Services Cloud by a Secure VPN Connection over the Internet. Labels: Router; VPN Gateway; Subnets; Customer’s isolated AWS resources; Internet; NAT.]

Security is Job Zero

http://aws.amazon.com/security/

Certifications and Accreditations

• FISMA Moderate Compliant Controls

• SAS70 Type II (next report SOC1 - SSAE 16)

• ISO 27001

• PCI DSS Level 1

• FIPS 140-2 Compliant Endpoints (GovCloud)

AWS GovCloud (US) Services

• Amazon Elastic Compute Cloud (EC2)
  - Two Availability Zones
  - Standard, High-Mem and High-CPU Instances available

• Amazon Simple Storage Service (S3)
  - Full durability, designed at 99.999999999%

• Amazon Elastic Block Store (EBS)

• Amazon Virtual Private Cloud (VPC)
  - Required for all customers

• Amazon CloudWatch

• AWS Identity and Access Management (IAM)

• Command Line API Access (No Console)

• elasticfox (Firefox plugin)

AWS Deployment Models

• Logical Server and Application Isolation

• Granular Information Access Policy

• Logical Network Isolation

• Physical server Isolation

• Government Only Physical Network and Facility Isolation

• ITAR Compliant (US Persons Only)

Sample Workloads

• Commercial Cloud: Public facing apps. Web sites, Dev test, FISMA Low

• Virtual Private Cloud (VPC): Data Center extension, TIC environment, email, FISMA Moderate

• AWS GovCloud (US): USP Compliant and Government Specific Apps.

Use Cases

Over 100 Government Agencies Including:

Agencies using AWS to support their mission . . .

GSA Infrastructure-as-a-Service BPA Award

NASA / US RATB / US Treasury / USDA

NASA – Jet Propulsion Laboratory

• Mars Exploration Rovers

• Mars Science Laboratory

• Deep Space Network

• Carbon in the Arctic Reservoir Vulnerability Experiment

• Lunar Mapper Mission Project

• ATHLETE Robot

Mars Science Lab - Curiosity

Fast Motion Field Test - Image Processing in the Cloud

• Massively parallel computations on EC2

Image Stitching (panorama generation)

Stereo Correlation (depth perception)

Large Image Tiling

Elasticity

• Zero to a few hundred cores, back to zero – in a few weeks

Pay-as-you-go

• Mission paid only for what it used

Scalable – NASA JPL

“[AWS] allowed us to process nearly 200,000 Cassini images within a few hours under $200. [Before AWS] we were only able to use a single machine locally and spent more than 15 days on the same task.”

- Khawaja Shams, Sr. Solutions Architect, NASA JPL

European Space Agency

ESA Centre for Earth Observation

• Data collected by Satellites stored in Amazon Simple Storage Service (S3)

• Earth science data provided to organizations around the world – 50,000 users at peak, 30 TB at a time

Scalability

• Scale up storage infrastructure as much as needed

Speed and Agility

• Avoided time to procure dedicated hardware with on-demand service

Government Solution Providers

“This new offering will enable the US federal government to continue to improve their organization’s performance, effectiveness, and efficiency with increased transparency. ESRI is pleased to continue working with AWS to offer federal agencies the powerful coupling of the cloud with ESRI’s suite of tools for mapping and geographic analysis.”

-Jack Dangermond, President, ESRI

• Customers who are interested in learning more about the AWS GovCloud (US) should contact their government sales representative by filling out the Contact Us form on the AWS GovCloud (US) website.

• http://aws.amazon.com/govcloud-us/contact/ or call us at 703-561-9600

Getting Started

• Steven Halliwell – GM SLED at [email protected] or (954) 778-6667

• Steve Spano – Global Defense and Aerospace at [email protected]

• Thomson Nguy or Cindy Brent – Civilian Agencies: Thomson at [email protected] or (703)-371-8541 and Cindy at [email protected] or (703) 402-0880

• Brett McMillien – Healthcare and Department of Energy [email protected] or (571) 239-8860

• Mark Fox – Department of Defense at [email protected] or (703) 598-5822

• Dave Hirko – Intelligence Community [email protected] or (571) 421-7729

or go direct to:

Thank You!!