AWS Dedicated Local Zones FAQs

General

AWS Dedicated Local Zones is a type of on-premises infrastructure that is managed and operated by AWS, built exclusively for you, and provides the same cloud benefits, such as elasticity, scalability, and pay-as-you-go pricing. This infrastructure is customizable and can be placed wherever you choose so that you can adhere to stringent data isolation, in-country data residency, and compliance requirements.

Dedicated Local Zones is for (1) government agencies looking to adhere to digital sovereignty and compliance requirements for their classified and other sensitive workloads, (2) customers in regulated industries looking to migrate to the cloud but that have complex dependencies on on-premises systems, (3) research organizations looking to build a community cloud that will enable researchers to leverage the latest generation of Amazon EC2 instances while aligning with regulatory requirements, and (4) high-tech companies looking to run proprietary software that is subject to internal security policies on dedicated infrastructure to help protect IP and sensitive data.

AWS Local Zones are a type of AWS infrastructure deployment that places compute, storage, database, and other select services closer to customers for applications that require data residency or single-digit millisecond latency to end users. Any customer with an AWS account can utilize the resources in an AWS Local Zone. Dedicated Local Zones are Local Zones that are built for the exclusive use of a customer or community. Dedicated Local Zones offer the same benefits as Local Zones, and AWS works with customers to configure Dedicated Local Zones with additional features as needed to enable a customer to monitor and control access and operations on their private infrastructure for compliance needs.

With Dedicated Local Zones and Outposts, AWS offers customers a range of options for infrastructure deployed on-premises, extending AWS cloud services closer to the customer or their end users.

Outposts are designed for workloads that need to remain on-premises due to latency, data residency, and local data processing requirements, where customers want that workload to run seamlessly with the rest of their workloads in AWS. Outposts are fully managed, configurable compute and storage racks built with AWS-designed hardware that allow customers to run compute and storage on-premises while seamlessly connecting to AWS’s breadth of services in the cloud.

Dedicated Local Zones are designed to reduce the operational overhead of managing on-premises infrastructure at scale. Some customers have long-term, complex cloud migration projects and need cloud infrastructure with elasticity and scalability that seamlessly scales to support their large-scale demand. Some of these customers represent the interests of a community of users and need multi-tenancy features with PAYG consumption to efficiently support the needs of multiple stakeholders. Dedicated Local Zones offer these cloud benefits and enable these customers to reduce the administrative burden of managing their own infrastructure on-premises with scalable, resilient, and multitenant cloud infrastructure that is fully AWS-managed and built exclusively for their use.

A key difference between Outposts and Dedicated Local Zones is the shared responsibility. With Dedicated Local Zones, AWS manages connectivity from the Dedicated Local Zone to the Region, capacity planning, and operations. Dedicated Local Zones have the same shared responsibility model as Regions. With Outposts, by contrast, the customer is responsible for connectivity, capacity planning, security of the facility, and operations.

Dedicated Local Zones meet the same AWS security standards that apply to AWS Regions and AWS Local Zones, and are delivered with the AWS Nitro System to help achieve confidentiality and integrity of customer data. In addition, AWS works with customers to configure Dedicated Local Zones with additional features as needed to adhere to their regulatory requirements. These features include data access monitoring and audit programs, controls to limit infrastructure access to customer-selected AWS accounts, and options to enforce clearance criteria including residency/nationality on local AWS operating personnel.

Services in Dedicated Local Zones are covered by AWS SLAs if a customer deploys two or more Dedicated Local Zones. The SLAs for AWS services can be found here: https://aws.amazon.com/legal/service-level-agreements/

With Dedicated Local Zones, customers can run their sensitive applications using AWS services such as Amazon EC2, Amazon EBS, Amazon S3, Amazon VPC, Amazon ELB, Amazon ECS, Amazon EKS, and Amazon Direct Connect.