Infrastructure Capabilities

The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally. Whether you need to deploy your application workloads across the globe in a single click, or you want to build and deploy specific applications closer to your end-users with single-digit millisecond latency, AWS provides you the cloud infrastructure where and when you need it. The capabilities within this area enable you to design, build, and manage a secure and highly available cloud infrastructure.

  • The Network Connectivity capability enables you to construct secure, scalable, and highly available networks for your applications and workloads with consistently high performance and extensive global coverage. This capability also helps your team learn about cost-effective methods for managing a growing infrastructure and hybrid connectivity between two infrastructures.


    • CF11 – S1: Ensure connectivity in the cloud
    • CF11 – S2: Centralized or distributed network configuration and management
    • CF11 – S3: Establish hybrid connectivity
    • CF11 – S4: Establish network monitoring and logging
    • CF11 – S5: Establish DNS management
    • CF11 – S6: Establish SaaS provider connectivity
  • The Workload Isolation Boundary capability enables you to create and manage isolated environments to contain newly created or migrated workloads. This approach reduces the blast radius of vulnerabilities and threats, and eases the complexity of compliance by providing mechanisms to isolate access to resources.


    • CF7 – S1: Design isolated resource environments
    • CF7 – S2: Provision process for isolated environments
    • CF7 – S3: Implement controls on resource environments
    • CF7 – S4: Provision baseline standards to isolated resource environments
    • CF7 – S5: Provision pre-approved deployable architectures
    • CF7 – S6: Decommission process for isolated environments
  • Network Security enables you to design and implement security policies and controls across different levels of the networking stack to protect your resources from external or internal threats and to ensure confidentiality, availability, integrity, and usability. This capability includes prevention, detection, and blocking of anomalous network traffic based on monitoring of ingress/egress and lateral data movement.

  • Template Management is the ability to create and group reusable templates in a central repository to quickly deploy, manage, and update infrastructure, schemas, golden images, and resources across the environment. This capability includes the necessary processes to create, test, update, and validate the templates when required. These templates are pre-approved implementation patterns that use already approved and onboarded AWS services, and are ready to be used by different teams based on requirements.