AWS Outposts Documentation

AWS Outposts is a family of fully managed solutions designed to deliver managed AWS infrastructure, native AWS services, APIs, and tools to customers at their on-premises facilities. AWS Outposts helps to enable applications that need to run on premises due to low latency, local data processing, or local data storage needs while reducing the undifferentiated heavy lifting required to procure, manage, and upgrade on-premises infrastructure.

AWS Outposts racks

Compute & storage

You can choose from a range of pre-validated Outposts rack configurations offering a mix of EC2, EBS, and S3 capacity designed to meet a variety of application and data residency needs. You can also contact AWS to create a customized configuration designed for your unique application needs. 

Compute

The AWS Outposts racks catalog includes options supporting the latest generation Intel powered EC2 instance types with or without local instance storage.

Storage

The AWS Outposts rack catalog includes Amazon EBS, Amazon S3 on Outposts, Amazon EBS Snapshots, CloudEndure migration, and CloudEndure Disaster Recovery storage options.

Networking

VPC extension

You can extend your existing Amazon VPC to your Outpost rack in your on-premises location. After installation, you can create a subnet in your regional VPC and associate it with an Outpost rack just as you associate subnets with an Availability Zone in an AWS Region. Instances in Outpost rack subnets communicate with other instances in the AWS Region using private IP addresses, all within the same VPC. 

Local gateway

Each Outpost provides a new local gateway (LGW) that allows you to connect your Outpost resources with your on-premises networks. LGW helps to enable low latency connectivity between the Outpost and any local data sources, end users, local machinery and equipment, or local databases.

Load Balancer

You can provision an Application Load Balancer (ALB) to distribute incoming HTTP(S) traffic across multiple targets on your Outposts rack, such as Amazon EC2 instances, containers, and IP addresses. ALB on Outposts rack is designed to operate in a single subnet, and scale up to the capacity available on the Outposts rack to meet varying levels of application load. 

Private Connectivity

AWS Outposts Private Connectivity is designed so that you can establish a service link VPN connection from your Outposts to the AWS Region over AWS Direct Connect. Private Connectivity minimizes public internet exposure and removes the need for special firewall configurations.

Direct VPC routing and Customer-owned IP

Direct VPC routing for AWS Outposts allows your on-premises environment to directly communicate with the Outpost using the private subnets configured in the VPC. Alternatively, you can use the Customer-owned IP (CoIP) routing mode where the Outpost uses a separate IP address pool provided by you from your on-premises network.

AWS services on Outposts

You can run a variety of AWS services locally to build and run your applications on premises including Amazon ECS, Amazon EKS, Amazon RDS on Outposts, Amazon ElastiCache on Outposts, and Amazon EMR. Additionally, you can use AWS tools such as AWS CloudFormation, Amazon CloudWatch, AWS CloudTrail, Elastic Beanstalk, Cloud9, and others to run and manage applications on Outposts rack.

Upgrading services running on Outposts

As new versions of AWS services become available in the cloud, AWS services running locally on Outposts rack will be upgraded to the latest version. 

Access regional services

AWS Outposts rack is designed to be an extension of the AWS Region. You can extend your Amazon Virtual Private Cloud on premises and connect to a broad range of services available in the AWS Region. 

Security and Compliance

Enhanced security with AWS Nitro

AWS Outposts rack builds on the AWS Nitro System technologies that enable AWS to provide enhanced security that helps monitor, protect, and verify your Outpost’s instance hardware and firmware.

Security model

AWS Outposts racks have an updated shared responsibility model underlying security. AWS is responsible for protecting Outposts racks’ infrastructure. Customers are responsible for securing their applications running on Outposts rack as they do in the Region. With Outposts rack, customers are also responsible for the physical security of their Outpost racks, and for ensuring consistent networking to the Outpost rack.

High availability

Outposts are designed for high availability with redundant top of rack networking switches, power elements, and built-in, active, additional capacity (if provisioned) to help enable auto recovery workflows the same way as in AWS Regions. Similar to AWS Auto Scaling in the cloud today, we recommend best practices for high availability deployments and auto recovery workflows for easy failover in case of any underlying host issue. Customers can deploy multiple Outposts at a site, each tied to a different Availability Zone for even higher availability. In addition, customers can use EC2 placement groups on AWS Outposts to help ensure instances within a group are placed on distinct Outposts racks to reduce the impact of hardware failures.

Resource Sharing

AWS Outposts rack support for AWS Resource Access Manager (RAM) lets customers share access to Outposts rack resources.

AWS Outposts servers

Compute & storage

Compute

AWS Outposts servers include a 1U server that supports Arm-based AWS Graviton2 powered EC2 instances, and a 2U server that supports 3rd generation Intel Xeon Scalable powered EC2 instances.

Storage

Outposts servers have up to 4x 1.9 TB raw NVMe SSD instance storage, supporting local storage used for data access and processing on premises, and for launching EBS-backed AMIs.

You can use AWS instance storage to associate disk volumes to instances. For containers, you can use persistent volume interfaces to use instance storage. You can implement software-based storage durability design for data volumes across disks or across 2 or more servers, or connect to an external local storage system over the local network interface.

Networking

VPC extension

You can extend your existing Amazon Virtual Private Cloud (VPC) to your Outposts server in your on-premises location. After installation, you can create a subnet in your regional VPC and associate it with an Outpost just as you associate subnets with an Availability Zone in an AWS Region. Instances in Outpost subnets communicate with other instances in the AWS Region using private IP addresses, all within the same VPC.

Local network interface (LNI)

Outposts servers have an LNI that provides a Layer 2 presence on your local network for AWS service endpoints. 

AWS services on Outposts

Locally supported AWS Services

You can run ECS, IoT Greengrass, or SageMaker Edge Manager locally on Outposts servers, and connect to the AWS Region for a broad range of services available in the AWS Region.

Access regional services

AWS Outposts servers are an extension of the AWS Region. You can extend your Amazon VPC on premises and connect to a broad range of services available in the AWS Region. You can access all regional AWS services in your private VPC environment — for example, through interface endpoints, gateway endpoints, or their regional public endpoints.

AWS tools

You can access AWS tools running in the Region — for example, AWS CloudFormation, Amazon CloudWatch, AWS CloudTrail, Amazon Elastic Beanstalk, and AWS Cloud9.

Security and Compliance

Enhanced security with the AWS Nitro System

AWS Outposts servers are built on the Nitro System, which enables AWS to provide enhanced security that helps monitor, protect, and verify your Outpost’s instance hardware and firmware. 

Security model

AWS Outposts servers have an updated shared responsibility model underlying security. AWS is responsible for protecting infrastructure for Outposts servers similar to how it secures infrastructure in the cloud today. You’re responsible for securing your applications running on Outposts servers as you do in the Region today. You’re also responsible for the physical security of your Outpost servers and ensuring consistent networking to them.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.