Category: AWS PrivateLink

Amazon Bedrock is now generally available in the Amazon Web Services (AWS) Top Secret cloud. With authority to operate in the AWS Top Secret Cloud, Amazon Bedrock is providing U.S. Government customers with secure access to foundation models (FMs) and generative artificial intelligence (AI) capabilities within AWS’s classified environment.

The Generative AI Sandbox on AWS, powered by Amazon Bedrock Studio, provides a secure, governed, and isolated environment for organizations to explore the power of large language models (LLMs) and other generative artificial intelligence capabilities. Bedrock Studio users can test different LLMs side by side to understand which ones best suit their specific use cases: from drafting policy documents to analyzing public feedback, or creating educational content.

As government organizations transition to Amazon Web Services (AWS), they often seek to maintain operational continuity by using their existing on-premises firewall solutions. Gateway Load Balancer (GWLB) enables seamless integration of these firewall appliances into the AWS architecture, ensuring consistent security policies and minimizing disruptions. This post explores best practices for implementing GWLB to facilitate centralized traffic inspection for both east-west and north-south traffic flows.

When government agencies choose Amazon Web Service (AWS) to store data, they choose to take advantage of inheriting the strictest security controls and standards. In addition, AWS services offer a unique opportunity to enhance networking and security approaches, ensuring safe and resilient data transfer mechanisms. This blog post provides guidance towards data sharing among government agencies, offering prescriptive approaches and best practices for implementing secure data exchange solutions using AWS services.

Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.

The Amazon Web Services (AWS) commitment to safe, transparent, and responsible artificial intelligence (AI)—including generative AI—is reflected in our endorsement of the White House Voluntary AI Commitments, our participation in the UK AI Safety Summit, and our dedication to providing customers with features that address specific challenges in this space. In this post, we explore how AWS can help agencies address the governance requirements outlined in the Office of Management and Budget (OMB) memo M-2410 as public sector entities look to build internal capacity for AI.

AWS GovCloud (US) was architected to have isolation (both physically and logically) from other AWS partitions for compliance. For this reason, AWS services, used to privately interconnect virtual private cloud (VPC) hosted resources within the same partition like AWS PrivateLink, Amazon Virtual Private Cloud (Amazon VPC) peering, or AWS Transit Gateway peering, cannot span from AWS GovCloud (US) to commercial Regions natively by design. In this post, we will highlight four connectivity patterns customers can use to interconnect VPC hosted systems cross partition.

Common Securitization Solutions (CSS), a joint Freddie Mac and Fannie Mae venture launched in 2013, supports a cornerstone of the American economy: home ownership. CSS built and now operates the largest and most advanced mortgage securitization platform in the US, supporting Freddie Mac and Fannie Mae’s 70 percent market share of the industry with flexibility, scalability, and security at its core. Read this blog post to learn how CSS uses Amazon Web Services (AWS) to power their solutions in the cloud.

In the digital age, universities face increasing cyber threats that put valuable data at risk. The University of New South Wales (UNSW) is taking proactive measures to address this growing concern. Read this blog post to learn how UNSW is collaborating with Amazon Web Services (AWS) to modernize its IT infrastructure and bolster cybersecurity defenses as part of its cloud transformation program.

In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.