AWS Outposts Documentation

AWS Outposts racks

AWS Outposts racks are designed to deliver AWS infrastructure, native AWS services, APIs, and tools to an on-premises facility.

Compute & storage

You can choose from a range of Outposts rack configurations to meet application and data residency needs. You can also contact AWS to help create a customized configuration designed for your application needs. 

Compute

The AWS Outposts racks catalog is designed to include options supporting the latest generation Intel powered EC2 instance types.

General purpose (M7i/M5/M5d) instances are designed to provide a balance of compute, memory, and network resources and can be used for a variety of workloads.

Compute-optimized (C7i/C5/C5d) instances are designed for compute-intensive workloads.

Memory-optimized (R7i/R5/R5d) instances are designed to deliver performance for workloads that process large data sets in memory.

Accelerated computing (G4dn) instances are designed to help with machine learning inference and graphics-intensive workloads.

Accelerated networking (Bmn-sf2e/Bmn-cx2) instances on Outposts racks are designed for compute- and network-intensive and latency-sensitive workloads on-premises. To deliver the best possible performance, in addition to the Outposts logical network, these instances are designed to feature a secondary bare metal network with network accelerator cards connected to customer-TOR switches within each Outposts compute rack.

Bmn-sf2e instances are high-frequency and high-memory instances.

Bmn-cx2 instances are designed for workloads with higher throughput but less stringent latency requirements. These workloads include real-time market data ingestion and distribution, market and risk analytics, telecom 5G core, and media distribution.

*Outposts racks with Bmn-sf2e and Bmn-cx2 instances are configured differently than Outposts racks with other Amazon EC2 instances. Certain features detailed on this page may not apply to Outposts racks with Bmn instances.

Storage  

Amazon EBS: AWS Outposts racks are designed to offer Amazon Elastic Block Store (EBS) volumes. You can attach or detach EBS volumes to EC2 instances on your Outposts. EBS volumes can be used as boot or data volumes. Amazon EBS allows you to modify your volume size or performance. Outposts that are enabled for snapshots are designed to back up the data on your EBS volumes by making point-in-time copies known as EBS snapshots. Each snapshot is designed to contain the information that is needed to restore your data. An EBS volume restored from a snapshot contains the data from the point-in-time snapshot. EBS volumes and snapshots on Outposts are designed to be encrypted.

Amazon S3 on Outposts: S3 on Outposts is designed to deliver object storage to your on-premises AWS Outposts rack environment. Using the S3 APIs and features available in AWS Regions, S3 on Outposts helps you store and retrieve data on your Outpost, as well as secure the data, control access, tag, and report on it. S3 on Outposts enables you to store data on your Outpost.

Networking

Outposts network rack

An Outposts network rack is designed to serve as a traffic aggregation layer for connected compute and storage racks. It enables you to decouple compute scaling from networking to support resource utilization. It is also designed with resiliency to handle network device failures.

VPC extension

You can extend your existing Amazon VPC to your Outpost rack in your on-premises location. After installation, you can create a subnet in your regional VPC and associate it with an Outpost rack. Instances in Outpost rack subnets communicate with other instances in the AWS Region using private IP addresses within the same VPC. 

Local gateway

Each Outpost is designed to provide a local gateway (LGW) that enables you to connect your Outpost resources with your on-premises networks. LGW helps to enable connectivity between the Outpost and local data sources, end users, local machinery and equipment, or local databases.

Load balancer

You can provision an Application Load Balancer (ALB) to distribute incoming HTTP(S) traffic across multiple targets on your Outposts racks. ALB on Outposts rack is designed to operate in a single subnet, and scale up to the capacity available on the Outposts rack to meet varying levels of application load. 

Private Connectivity

AWS Outposts Private Connectivity is designed to help you establish a service link VPN connection from your Outposts to the AWS Region over AWS Direct Connect.

Direct VPC routing and Customer-owned IP

Direct VPC routing for AWS Outposts enables your on-premises environment to directly communicate with the Outpost using the private subnets configured in the VPC. Alternatively, you can use the Customer-owned IP (CoIP) routing mode, where the Outpost uses a separate IP address pool provided by you from your on-premises network. If you choose CoIP, the IP address pool is designed to be assigned to the local gateway and advertised back to your network through BGP. In this mode, the local gateway is designed to perform NAT for instances to the CoIP address when communicating with your on-premises environment.

Intra-VPC communication across multiple Outposts

You can add routes in your Outposts rack subnet route table to forward traffic between subnets within the same VPC spanning across multiple Outposts using LGW. This enables intra-VPC instance-to-instance communication across Outposts through your on-premises network, via direct VPC routing. With intra-VPC communication across multiple Outposts, you can build Multi-AZ like architectures for your on-premises applications running on Outposts racks that are anchored to different Availability Zones (AZs).

Multiple local gateway routing domains

You can create multiple isolated network segments on your Outpost using multiple LGW routing domains*. This feature is designed to enable traffic separation between routing domains and support both Customer-owned IP (CoIP) and direct VPC routing modes on the same Outpost. You can create and modify Virtual Interfaces (VIFs) and VIF Groups using the AWS Management Console or CLI.

*This feature may be available on second-generation Outposts racks only.

Amazon Route 53 Resolver on Outposts

Route 53 Resolver on Outposts enables you to resolve Domain Name System (DNS) queries locally on an Outpost to support the availability and performance of on-premises applications.

AWS services on Outposts

You can run a variety of AWS services locally to build and run your applications on premises.

Containers

Amazon ECS: You can run a scalable container orchestration service that supports Docker containers and allows you to run and scale containerized applications on Outposts racks. With ECS on Outposts, you can run containerized applications that require low latencies to on-premises systems. Amazon ECS is designed to run on Outposts racks. With API calls, you can launch and stop Docker-enabled applications and query the state of your application.

Databases

Amazon RDS on Outposts: Amazon RDS supports capacity and administration tasks for managed databases.

Amazon ElastiCache on Outposts: ElastiCache is an in-memory data store designed for real-time applications with sub-millisecond latency. Amazon ElastiCache on Outposts enables you to set up, run, and scale popular open-source compatible in-memory data stores on Outposts racks. You can build data-intensive apps or support the performance of your existing databases by retrieving data from in-memory data stores.

* Amazon ElastiCache may be locally supported on first-generation Outposts racks only.

Data analytics

Amazon EMR: Amazon EMR clusters running on Outposts racks in your data center, co-location space, or on-premises facility are designed to provide a hybrid cloud analytics experience. You can deploy secure and managed EMR clusters in your data center. When launching an EMR cluster into an Outpost, you can use the EMR console, SDK, or CLI to specify the subnet associated with your Outpost. Your EMR clusters are designed to run in the on-premises Outposts rack instance and appear in the EMR console.

* Amazon EMR may be locally supported on first-generation Outposts racks only.

Access regional services

AWS Outposts rack is designed to be an extension of the AWS Region. You can extend your Amazon Virtual Private Cloud on premises and connect to a broad range of services available in the AWS Region. 

Disaster recovery

AWS Elastic Disaster Recovery (AWS DRS) is designed to reduce downtime and data loss in the event of a site failure with recovery of on-premises and cloud-based applications. With AWS DRS, you can configure your Outposts racks as the source or the destination of your data replication and recovery.

Security and Compliance

Security model

AWS Outposts racks are designed to have a shared responsibility model underlying security.

High availability

Outposts include redundant networking switches and power elements to support availability. Customers can deploy multiple Outposts at a site, each tied to a different Availability Zone. In addition, customers can use EC2 placement groups on AWS Outposts to help ensure instances within a group are placed on Outposts racks.

AWS Outposts servers

Compute & storage

Compute

AWS Outposts servers are designed to include a 1U server that supports Arm-based AWS Graviton2 powered EC2 instances, and a 2U server that supports 3rd generation Intel Xeon Scalable powered EC2 instances.

Storage

Outposts servers are designed to support local storage used for data access and processing on premises, and to launch EBS-backed AMIs. 

Networking

VPC extension

You can extend your existing Amazon Virtual Private Cloud (VPC) to your Outposts server in your on-premises location. After installation, you can create a subnet in your regional VPC and associate it with an Outpost. Instances in Outpost subnets can communicate with other instances in the AWS Region using private IP addresses within the same VPC.

Local network interface (LNI)

Outposts servers are designed to have an LNI that provides a Layer 2 presence on your local network for AWS service endpoints. 

AWS services on Outposts

Access regional services

AWS Outposts servers are an extension of the AWS Region. You can extend your Amazon VPC on premises and connect to a broad range of services available in the AWS Region. You can access regional AWS services in your private VPC environment.

Security and Compliance

Security with the AWS Nitro System

AWS Outposts servers are built on the Nitro System, which enables AWS to provide security that helps monitor, protect, and verify your Outpost’s instance hardware and firmware. 

Security model

AWS Outposts servers operate under a shared responsibility model underlying security.

Securing data

Data-at-rest: Data is designed to be encrypted at rest.

Data-in-transit: Data is designed to be encrypted in transit between Outposts racks and the AWS Region, through the service link.

Deleting data: Data is designed to be deleted when instances are terminated.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.