Category: AWS GovCloud (US)
How to improve government customer experience by building a modern serverless web application in AWS GovCloud (US)
Modern applications built using microservices architectures improve customer experience by dramatically reducing the risk of failures in a web application. In this blog post, we present a sample AWS reference architecture of a microservices application built using an architecture framework based in AWS GovCloud (US), which can help support adherence to a Federal Risk and Authorization Management Program (FedRAMP) High Baseline.
In mid-February of 2022, the US federal government began planning the return-to-office after the COVID-19 pandemic. The US Department of Justice (DOJ) Tax Division needed to quickly build and launch a telework authorization application by April 1, which would help their more than 500 attorneys, paralegals, and administrative personnel request a hybrid work arrangement—all while keeping sensitive information compliant and secure. To do this, the DOJ Tax Division worked with AWS to build an enterprise-level telework approval application in less than two months, before the Division’s re-entry in mid-April of 2022.
In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to accessing mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.
This blog post explores the options US public sector customers and their business partners should evaluate when selecting an AWS partition. We discuss the differences between AWS GovCloud (US) and the AWS standard partition and how to decide which partition may be the best match for your organization’s security, compliance, and availability needs.
Increasingly, AWS customers are operating workloads both in AWS GovCloud (US) and standard AWS Regions. Dependencies between workloads, changing data controls, or enrichment of data across multiple data levels are examples of business needs that may require moving data in and out of AWS GovCloud (US). In this blog post, I explain how to move data between Amazon Simple Storage Service (Amazon S3) buckets in the AWS GovCloud (US) and standard partitions.
As public sector customers find increasing need to move data between the AWS GovCloud (US) partition and the standard partition, they need tools to help them lower their operational burden. In this blog post, I walk through how to use AWS DataSync to move data on network file system (NFS) shares between the two partitions.
AWS Top Secret-West is accredited to operate workloads at the Top Secret U.S. security classification level. The new Region adds multiple Availability Zones geographically separated from AWS Top Secret-East. With two Top Secret Regions, customers in the U.S. defense, intelligence, and national security communities can deploy multi-Region architectures to achieve the highest levels of resiliency and availability essential to their most critical national security missions.
Ten years ago, the federal government was only just beginning to adopt cloud computing services. In the early days, there were concerns about how much cloud services would cost and whether they’d be secure enough for sensitive government data. In listening to our government customers, we heard their concerns about cost and security. They also needed to innovate ahead of demand, and required a highly secure and compliant infrastructure to do it. That’s why we launched AWS GovCloud (US) in 2011.
AWS is launching the AWS Cybersecurity Maturity Model Certification (CMMC) Customer Responsibility Matrix (CRM). The AWS CMMC CRM reduces the level of effort required for CMMC compliance by providing customers a breakdown of the CMMC practices that they can inherit from AWS, and identifies CMMC practice roles and responsibilities when using the AWS Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US).
SAS Viya is a highly available, cloud-native analytics platform. The latest version of SAS Viya on Amazon Elastic Kubernetes Service (Amazon EKS) allows customers to receive all of Kubernetes’ advantages without the trouble of maintaining their own Kubernetes infrastructure. Customers also inherit AWS compliance controls, which can accelerate the journey to achieving FedRAMP authority to operate (ATO) in AWS US Regions. In this post, we show the key components of the SAS Viya architecture along with its core features to help customers on their journey to the cloud.