AWS Public Sector Blog

Category: Technical How-to

How UK public sector customers can implement NCSC security principles to protect data transfers to AWS

To drive innovation and optimise operations in the Amazon Web Services (AWS) Cloud, UK public sector organizations need to transfer data quickly and safely, in accordance with the National Cyber Security Centre (NCSC)’s guidance on how to configure, deploy, and use cloud services securely. The NCSC provides security guidance for protecting government systems, planning for cyber incidents, and more. In this post, we cover how you can configure AWS services—like AWS DataSync, AWS Storage Gateway, and AWS Transfer Family—to align your data transfer solution with the NCSC’s cloud security principles, as understanding these configurations is important to protect data and meet requirements for local force accreditation.

AWS Secure Environment Accelerator (ASEA) connectivity with VMware Cloud on AWS

The AWS Secure Environment Accelerator (ASEA) landing zone helps customers deploy and operate a secure multi-account, multi-Region AWS environment. Governments in Canada and others around the world currently use the ASEA, with over 30 deployments to date. Some of these same customers also use VMware Cloud on AWS to integrate on-premises vSphere environments, allowing them to move existing workloads to the cloud more quickly. Integrating your VMware workload with natively managed AWS services can help you reduce your operational overhead and optimize your total cost of ownership (TCO). In this blog post, we review the technical considerations related to integrating your ASEA landing zone with your VMware Cloud on the AWS environment.

How to set up Galaxy for research on AWS using Amazon Lightsail

Galaxy is a scientific workflow, data integration, and digital preservation platform that aims to make computational biology accessible to research scientists that do not have computer programming or systems administration experience. Although it was initially developed for genomics research, it is largely domain agnostic and is now used as a general bioinformatics workflow management system, running on everything from academic mainframes to personal computers. But researchers and organizations may worry about capacity and the accessibility of compute power for those with limited or restrictive budgets. In this blog post, we explain how to implement Galaxy on the cloud at a predictable cost within your research or grant budget with Amazon Lightsail.

Building a serverless web application architecture for the AWS Secure Environment Accelerator (ASEA)

Government departments work hard to meet required security framework controls for cloud services, and obtaining an Authority to Operate (ATO) can sometimes take up to 18 months. To assist with this process, AWS developed the open-source AWS Secure Environment Accelerator (ASEA), a tool designed to help deploy and operate secure multi-account AWS environments. This post describes how government departments can more simply deploy a web application consisting of a single-page application (SPA), backend API, and database within ASEA.

How nonprofits can automate tax-exempt status across AWS accounts

Many nonprofits and other tax-exempt organizations need to make sure their tax status is correct across their Amazon Web Services (AWS) accounts. A new tax analyzer solution automatically detects the tax status of all AWS accounts across an organization. In this blog post, discover how this simple solution identifies which AWS accounts across an organization are paying sales tax, and learn how this solution can quickly remediate tax status by opening an AWS support case automatically.

How to deploy HL7-based provider notifications on AWS Cloud

Electronic notifications of patient events are a vital mechanism for care providers to improve care coordination and promote appropriate follow-up care in a timely manner. This post shows how a combination of Amazon Web Services (AWS) technologies, like AWS Lambda, Amazon Comprehend Medical, and AWS Fargate, can effectively manage and deliver actionable data to help healthcare customers deliver electronic notifications in a secure and efficient way.

How to scale and optimize Moodle LMS on AWS

Moodle is an open-source learning management system (LMS). Moodle has more than 300 million users worldwide across both academic and enterprise organizations, and is the world’s most widely used learning platform. There are many ways to get started with Moodle on AWS. In this blog post, I focus on how to scale and optimize Moodle once you are already serving students. In this case, you may need to deal with migrating data from an existing platform and making sure the new environment caters to thousands of students, and still be cost-effective — we cover additional considerations in this walkthrough.

Automate security orchestration in AWS Security Hub with Trend Micro Cloud One

As organizations mature in their cybersecurity capabilities, they are looking to try and leverage automation to reduce the operational burden of alerting, detecting, and responding to threats. This blog post walks through how to combine findings from disparate security systems into a single operational view to help analysts identify, respond, and remediate existing threats while maintaining a dynamic response platform that scales with their environment.

Use Migration Evaluator in protected or regulated environments by anonymizing sensitive network data

The AWS Migration Evaluator can help organizations with VMware fleets by collecting detailed data on VM (virtual machine) usage and using that to prepare a business case for moving to the cloud and estimate the cost of migration. However, sensitive network data collected by the Migration Evaluator, such as system names and IP addresses, cannot leave highly secured and regulated organisations. In this blog post, learn how a simple python script can anonymize AWS Migration Evaluator usage data, allowing it to be uploaded even in highly regulated environments.

Analyze terabyte-scale geospatial datasets with Dask and Jupyter on AWS

Terabytes of Earth Observation (EO) data are collected each day, quickly leading to petabyte-scale datasets. By bringing these datasets to the cloud, users can use the compute and analytics resources of the cloud to reliably scale with growing needs. In this post, we show you how to set up a Pangeo solution with Kubernetes, Dask, and Jupyter notebooks step-by-step on Amazon Web Services (AWS), to automatically scale cloud compute resources and parallelize workloads across multiple Dask worker nodes.