Category: AWS PrivateLink
In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.
The Newfoundland and Labrador Centre for Health Information (NLCHI) provides quality information to health professionals, the public, researchers, and health system decision makers. Through collaboration with the health system, NLCHI supports the development of data and technical standards, maintains key health databases, carries out analytics and evaluation, and supports health research. This post details how NLCHI is able to provide secure and scalable access to their on-premises provincial electronic health record (EHR) system, by trusted and authorized partners who run on AWS, through the use of AWS PrivateLink, Network Load Balancer, and AWS Site-to-Site VPN.