AWS Public Sector Blog
Category: AWS GovCloud (US)
Amazon WorkSpaces supports CAC/PIV smartcard authentication
With a recent feature release, Amazon Web Services (AWS) customers can now use CAC/PIV cards when using Amazon WorkSpaces to access government systems. Amazon WorkSpaces is a desktop as a service solution that helps users access all of their desktop applications from anywhere. This feature supports pre-session and in-session authentication.
Amazon FSx now available in AWS GovCloud (US)
Amazon FSx is now available in the AWS GovCloud (US) Regions, allowing government agencies, educational institutions, and nonprofits to scale their most sensitive file-based workloads to reduce cost and streamline operations. When customers move their NAS data and applications to AWS, they benefit from increased cost savings, improved security, and flexibility to modernize their infrastructure at their own pace. This allows organizations to focus more on the mission-critical parts of their application and driving more innovation.
Enabling SAML 2.0 federation with AWS IAM Identity Center and AWS GovCloud (US)
AWS IAM Identity Center helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using IAM Identity Center as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. IAM Identity Center does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. IAM Identity Center is also not currently available in AWS GovCloud (US). As a result, IAM Identity Center cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in IAM Identity Center.
Using AWS SSO with Microsoft Azure AD to federate to AWS GovCloud (US)
Many government customers use AWS GovCloud (US) because it provides an environment for sensitive data and regulated workloads by addressing a number of U.S. government security and compliance requirements. In many cases, customers have a number of AWS GovCloud (US) accounts and managing authentication and authorization can require a lot of work. These customers may also use Microsoft Azure Active Directory (Azure AD) for identity management, single sign-on (SSO), and multi-factor authentication (MFA). This post builds on features and functionality announced earlier by demonstrating the necessary steps to configure Azure AD, AWS SSO, and the AWS GovCloud (US)-specific identity provider centrally for ease of management.
Accelerate cloud compliance for sensitive and regulated workloads: Register for AWS Compliance Week
If you are a technology professional looking to understand how cloud security adheres to compliance requirements, attend our AWS Compliance Week webinar series on November 2-6. You will learn how to architect compliant, multi-region cloud environments, establish agile governance for regulated workloads, and use new AWS solutions to help accelerate compliance. Hear government and industry perspectives on achieving high compliance from the General Services Administration’s FedRAMP program management office, and customers Maxar, Salesforce, and Coalfire.
New IDC whitepaper released: How government agencies meet security and compliance requirements with the cloud
A new IDC whitepaper, sponsored by AWS, “How Government Agencies Meet Security and Compliance Requirements in the Cloud” examines why federal agencies are moving more systems and information to the cloud as a launching point for agency-wide IT modernization. The paper shares executive, legislative, and other government-wide initiatives influencing agencies to accelerate their cloud adoption plans, risks IT leaders face by delaying cloud migrations, and how secure, compliant cloud environments help agencies achieve compliance and security for their sensitive workloads.
Helping more than 100 partners achieve FedRAMP Authority to Operate (ATO)
Government agencies have accelerated their transition to the cloud over the last few years, and COVID-19 has accelerated the urgency and pace of that move. A benefit of moving to the cloud is increased security. But to realize this, new infrastructure must be implemented and managed correctly, using best practices and the right technologies. Working with our partners, AWS has helped dozens of solutions accelerate their FedRAMP authorizations. There are more than 100 FedRAMP-authorized solutions running on AWS.
U.S. Census brings nationwide count to the AWS Cloud
The U.S. Census Bureau has made history by inviting people to participate in its decennial count online for the first time, powered by Amazon Web Services (AWS). The decennial census is an official count of every person living in the United States and five U.S. territories, and it takes place once every ten years. To help bring the Census online, the Census Bureau moved its 2020census.gov website to AWS GovCloud (US).
Securing Amazon S3 Glacier with a customer-managed encryption key
Customer managed encryption keys are a common architecture requirement within highly regulated workloads. This post demonstrates how to satisfy this requirement within Amazon Simple Storage Service (Amazon S3), including Amazon S3 Glacier. We also clarify some common points of confusion and demonstrate how objects can be uploaded directly to Amazon S3 Glacier via Amazon S3, which can help meet regulatory requirements as well as potentially save budget.
Supporting elections through voter education and information access, security and scalability, and absentee voting
Even in uncertain times, election officials and political stakeholders are committed to serving a dynamic electorate in a secure, scalable, and cost-effective way. Cloud-based technologies from Amazon Web Services (AWS) and the AWS Partner Network (APN) can help elections administrators, campaigns, and civic engagement organizations with access to information, security and scalability, and absentee voting workflow solutions.