AWS Public Sector Blog
Category: AWS PrivateLink
Empowering the public sector with secure, governed generative AI experimentation
The Generative AI Sandbox on AWS, powered by Amazon Bedrock Studio, provides a secure, governed, and isolated environment for organizations to explore the power of large language models (LLMs) and other generative artificial intelligence capabilities. Bedrock Studio users can test different LLMs side by side to understand which ones best suit their specific use cases: from drafting policy documents to analyzing public feedback, or creating educational content.
Simplify firewall deployments using centralized inspection architecture with Gateway Load Balancer
As government organizations transition to Amazon Web Services (AWS), they often seek to maintain operational continuity by using their existing on-premises firewall solutions. Gateway Load Balancer (GWLB) enables seamless integration of these firewall appliances into the AWS architecture, ensuring consistent security policies and minimizing disruptions. This post explores best practices for implementing GWLB to facilitate centralized traffic inspection for both east-west and north-south traffic flows.
Safeguarding data exchange in government using AWS
When government agencies choose Amazon Web Service (AWS) to store data, they choose to take advantage of inheriting the strictest security controls and standards. In addition, AWS services offer a unique opportunity to enhance networking and security approaches, ensuring safe and resilient data transfer mechanisms. This blog post provides guidance towards data sharing among government agencies, offering prescriptive approaches and best practices for implementing secure data exchange solutions using AWS services.
Web filtering for education using AWS Network Firewall
Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.
How AWS helps agencies meet OMB AI governance requirements
The Amazon Web Services (AWS) commitment to safe, transparent, and responsible artificial intelligence (AI)—including generative AI—is reflected in our endorsement of the White House Voluntary AI Commitments, our participation in the UK AI Safety Summit, and our dedication to providing customers with features that address specific challenges in this space. In this post, we explore how AWS can help agencies address the governance requirements outlined in the Office of Management and Budget (OMB) memo M-2410 as public sector entities look to build internal capacity for AI.
Connectivity patterns between AWS GovCloud (US) and AWS commercial partition
AWS GovCloud (US) was architected to have isolation (both physically and logically) from other AWS partitions for compliance. For this reason, AWS services, used to privately interconnect virtual private cloud (VPC) hosted resources within the same partition like AWS PrivateLink, Amazon Virtual Private Cloud (Amazon VPC) peering, or AWS Transit Gateway peering, cannot span from AWS GovCloud (US) to commercial Regions natively by design. In this post, we will highlight four connectivity patterns customers can use to interconnect VPC hosted systems cross partition.
Optimizing the US mortgage market with AWS
Common Securitization Solutions (CSS), a joint Freddie Mac and Fannie Mae venture launched in 2013, supports a cornerstone of the American economy: home ownership. CSS built and now operates the largest and most advanced mortgage securitization platform in the US, supporting Freddie Mac and Fannie Mae’s 70 percent market share of the industry with flexibility, scalability, and security at its core. Read this blog post to learn how CSS uses Amazon Web Services (AWS) to power their solutions in the cloud.
Cloud incident response at UNSW with digital forensics powered by AWS
In the digital age, universities face increasing cyber threats that put valuable data at risk. The University of New South Wales (UNSW) is taking proactive measures to address this growing concern. Read this blog post to learn how UNSW is collaborating with Amazon Web Services (AWS) to modernize its IT infrastructure and bolster cybersecurity defenses as part of its cloud transformation program.
How to implement CNAP for federal and defense customers in AWS
In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.
How NLCHI provides hybrid access to their EHR system through AWS PrivateLink
The Newfoundland and Labrador Centre for Health Information (NLCHI) provides quality information to health professionals, the public, researchers, and health system decision makers. Through collaboration with the health system, NLCHI supports the development of data and technical standards, maintains key health databases, carries out analytics and evaluation, and supports health research. This post details how NLCHI is able to provide secure and scalable access to their on-premises provincial electronic health record (EHR) system, by trusted and authorized partners who run on AWS, through the use of AWS PrivateLink, Network Load Balancer, and AWS Site-to-Site VPN.