AWS Public Sector Blog

Category: Technical How-to

How to meet business data resiliency with Amazon S3 cross-Region replication

While S3 provides regional data resiliency, customers often have compliance and business requirements to replicate their data to a second Region that is hundreds (or even thousands) of miles away from their primary location. Amazon S3 replication provides an automatic mechanism to make identical copies of your objects in a destination Region of your choice. Replication enables automatic, asynchronous copying of objects across S3 buckets. Learn how to configure S3 Cross Region Replication with S3 RTC feature, and do a walk-through of how to configure event notification for S3 replication events and configuring Amazon CloudWatch alarms for the replication metrics.

Read More
close up of man holding cell phone

Keeping Canadians safe while protecting their privacy: COVID Alert app

The Government of Canada (GC) set ambitious goals at the onset of COVID-19. One goal: to offer a mobile app to notify its users of possible exposures before symptoms appear in a way that wouldn’t jeopardize their privacy. In July, the GC released the COVID Alert app, an exposure notification application. COVID Alert doesn’t require users to enter—nor does it obtain from the mobile device—any personally identifiable information (PII) and doesn’t use location tracking. Let’s take a look at COVID Alert app’s cloud-based architecture and how the app is helping slow the spread of COVID-19, and helping keep Canadians safe while protecting privacy.

Read More
woman researcher at computer in lab

An introduction to AWS for research IT: Getting started in the cloud

The cloud can help researchers process complex workloads, store and analyze enormous amounts of data, collaborate globally, and accelerate research and innovation. For research IT, Amazon Web Services (AWS) can help build scalable, cost-effective, and flexible environments while still maintaining the governance and guardrails for security and compliance. Following best practices, AWS allows for centralized management of resources, improved security and compliance of research workloads, and can save costs and accelerate innovation. What are some common questions from research IT customers?

Read More
live streaming audio broadcast microphone and on air sign

Live streaming to Facebook and YouTube with AWS Elemental MediaLive

The COVID-19 pandemic pressed organizations to virtualize events that would have previously been held in person, like town halls, school board meetings, public health announcements, and more. While larger organizations may have existing media departments, smaller organizations have had to find ways to utilize social media and other consumer-grade resources to stream these events online. This post walks through how to use AWS Elemental MediaLive to stream to Facebook Live and YouTube Live using an AWS CloudFormation stack to stand up resources automatically.

Read More
Photo by Hunter Harritt on Unsplash

Modern data engineering in higher ed: Doing DataOps atop a data lake on AWS

Modern data engineering covers several key components of building a modern data lake. Most databases and data warehouses, to an extent, do not lend themselves well to a DevOps model. DataOps grew out of frustrations trying to build a scalable, reusable data pipeline in an automated fashion. DataOps was founded on applying DevOps principles on top of data lakes to help build automated solutions in a more agile manner. With DataOps, users apply principles of data processing on the data lake to curate and collect the transformed data for downstream processing. One reason that DevOps was hard on databases was because testing was hard to automate on such systems. At California State University Chancellors Office (CSUCO), we took a different approach by residing most of our logic with a programming framework that allows us to build a testable platform. Learn how to apply DataOps in ten steps.

Read More
Enabling SAML AWS SSO GovCloud

Enabling SAML 2.0 federation with AWS SSO and AWS GovCloud (US)

AWS SSO helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using AWS SSO as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. AWS SSO does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. AWS SSO is also not currently available in AWS GovCloud (US). As a result, AWS SSO cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in AWS SSO.

Read More
earth connections light blockchain

How AWS and blockchain make it possible to meet the challenges of interoperability in healthcare

Health information is generally disorganized, unstructured, and stored in various formats, making it impractical to trace patient history and promote the exchange of information on a national scale with other health professionals. A solution to this issue is the creation of a unique patient registry, which can be defined as a repository of retrospective, current, and prospective information of the patient in digital format. The main objective of this registry is to promote integrated, continuous, efficient, quality health care. In addition, the registry needs to be accessible and available to different health institutions. When building these registries, it’s necessary to use standards to define not only how the information is structured, but also how it can be retrieved and shared among the different HIS in a safe, scalable, cost-efficient way. This can be done using blockchain.

Read More
data center cloud

A pragmatic approach to RPO zero

Nobody wants to lose data—and setting a Recovery Point Objective (RPO) to zero makes this intent clear. Customers with government mission-critical systems often need to meet this requirement, since any amount of data loss will cause harm. RPO covers both resilience and disaster recovery—everything from the loss of an individual physical disk to an entire data center. Existing systems support RPO zero through a combination of architecture patterns (including resilient messaging) and on-premises legacy databases. Frequently interpreted as a database or storage requirement, providing for RPO zero requires thinking about the entire system. To do so, you can use AWS services and architecture patterns, which provide resilience to failure with clustering, auto scaling, and failover across multiple data centers within one region.

Read More
Serverless GIS

Serverless GIS with Amazon S3, open data, and ArcGIS

If you are hosting an ArcGIS web app today, then you are probably hosting it on a Windows or Linux server using traditional web server software like IIS or Apache. With the web hosting capability of Amazon S3 you can remove the need to run these servers and the maintenance, management, and monitoring overhead that comes with it. Serverless services like Amazon S3 can scale automatically and can be as simple as copying over your website assets to get up and running in minutes. This blog focuses on web app implementations using ArcGIS API for JavaScript (as other ArcGIS web apps have additional considerations).

Read More

Using AWS SSO with Microsoft Azure AD to federate to AWS GovCloud (US)

Many government customers use AWS GovCloud (US) because it provides an environment for sensitive data and regulated workloads by addressing a number of U.S. government security and compliance requirements. In many cases, customers have a number of AWS GovCloud (US) accounts and managing authentication and authorization can require a lot of work. These customers may also use Microsoft Azure Active Directory (Azure AD) for identity management, single sign-on (SSO), and multi-factor authentication (MFA). This post builds on features and functionality announced earlier by demonstrating the necessary steps to configure Azure AD, AWS SSO, and the AWS GovCloud (US)-specific identity provider centrally for ease of management.

Read More