AWS Public Sector Blog

Tag: AWS IAM

Elevating cloud security to address regulatory requirements for security and disaster recovery

Learn how you can build a foundation of security objectives practices, including a business continuity and disaster recovery plan, that can be adapted to meet a dynamic policy environment and support the missions of national computer security incident response teams (CSIRT), operators of essential services (OES), digital service providers (DSP), and other identified sector organizations.

Read More

Dr. B helps with equitable vaccine distribution using AWS

Healthcare organization Dr. B launched to get as many COVID-19 vaccines into as many arms as possible. To achieve its mission to make access to care—specifically the COVID-19 vaccine—more efficient and equitable, the company created a serverless solution built on Amazon Web Services (AWS).   

Read More

How to migrate on-premises workloads with AWS Application Migration Service

AWS Application Migration Service (MGN) is a highly automated lift-and-shift solution, which works by replicating your on-premises (physical or virtual) and/or cloud servers into your AWS account. When you’re ready, AWS MGN automatically converts and launches your servers on AWS so you can quickly benefit from the cost savings, productivity, resilience, and agility of the cloud. This guide teaches you how to migrate a content management system platform (CMS), based on an example with WordPress, running on a simulated on-premises environment to AWS Cloud, using MGN.

Read More
Sharing SAS data with Athena and ODBC

Sharing SAS data with Athena and ODBC

If you share data with other researchers, especially if they are using a different tool, you can quickly run into version issues, not knowing which file is the most current. Rather than sending data files everywhere, AWS offers a simple way to store your data in one central location so that you can read your data into SAS and still share it with other colleagues. In this blog post, I will explain how to export your data, store it in AWS, and query the data using SAS.

Read More
Photo by Hunter Harritt on Unsplash

Modern data engineering in higher ed: Doing DataOps atop a data lake on AWS

Modern data engineering covers several key components of building a modern data lake. Most databases and data warehouses, to an extent, do not lend themselves well to a DevOps model. DataOps grew out of frustrations trying to build a scalable, reusable data pipeline in an automated fashion. DataOps was founded on applying DevOps principles on top of data lakes to help build automated solutions in a more agile manner. With DataOps, users apply principles of data processing on the data lake to curate and collect the transformed data for downstream processing. One reason that DevOps was hard on databases was because testing was hard to automate on such systems. At California State University Chancellors Office (CSUCO), we took a different approach by residing most of our logic with a programming framework that allows us to build a testable platform. Learn how to apply DataOps in ten steps.

Read More
Enabling SAML AWS SSO GovCloud

Enabling SAML 2.0 federation with AWS SSO and AWS GovCloud (US)

AWS SSO helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using AWS SSO as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. AWS SSO does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. AWS SSO is also not currently available in AWS GovCloud (US). As a result, AWS SSO cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in AWS SSO.

Read More
Public sector security serverless - Darren House

How public sector security teams can use serverless technologies to improve outcomes

Serverless applications are typically discreet pieces of code that customers can use to manage security-related processes or stitch together multiple AWS services to solve a larger problem. They allow customers to build and run applications and services without dealing with infrastructure management tasks such as server or cluster provisioning, patching, operating system maintenance, and capacity provisioning. In this blog, I explain the serverless computing model, the Serverless Application Repository (SAR), solution constructs and implementations, why they matter to our government customers, and how they can use them to solve common problems.

Read More
phone notification

Building a government update notification system

Now more than ever, citizens expect effective communications from government agencies in response to COVID-19. These state and local leaders are committed to serving their citizens with the latest news as fast as possible, but not all strategies reach citizens in real time. However, it takes time for the government to implement widely available communication services to provide timely, accurate information. One solution is to concentrate the delivery of information in a single communication channel: SMS text messages.

Read More
Self-Service Security Assessment with ransomware analysis modules

Assess your security posture to identify and remediate security gaps susceptible to ransomware

As government agencies and public sector organizations modernize their IT and migrate to the AWS Cloud, the ability to gain a full, clear view of the security of their environments is a primary challenge they experience. This lack of visibility leads to blind spots and gaps in their security posture, leaving opportunity for security issues to arise. As a result, AWS developed a new open source Self-Service Security Assessment (with ransomware analysis modules) tool that provides customers with a point-in-time assessment to quickly gain valuable insights into the security posture of their AWS account.

Read More
Amazon S3 Glacier

Securing Amazon S3 Glacier with a customer-managed encryption key

Customer managed encryption keys are a common architecture requirement within highly regulated workloads. This post demonstrates how to satisfy this requirement within Amazon Simple Storage Service (Amazon S3), including Amazon S3 Glacier. We also clarify some common points of confusion and demonstrate how objects can be uploaded directly to Amazon S3 Glacier via Amazon S3, which can help meet regulatory requirements as well as potentially save budget.

Read More