AWS Outposts Documentation

AWS Outposts are designed to deliver managed AWS infrastructure, native AWS services, APIs, and tools to customers at their on-premises facilities. AWS Outposts help to enable applications that need to run on premises due to low latency, local data processing, or local data storage needs while reducing the undifferentiated heavy lifting required to procure, manage, and upgrade on-premises infrastructure.

Compute & storage

You can choose from a range of pre-validated Outposts configurations offering a mix of EC2, EBS, and S3 capacity designed to meet a variety of application and data residency needs. You can also contact AWS to create a customized configuration designed for your unique application needs.
Compute
The AWS Outposts catalog includes options supporting the latest-generation Intel-powered EC2 instance types with or without local instance storage.

Networking

VPC extension
You can extend your existing Amazon VPC to your Outpost in your on-premises location. After installation, you can create a subnet in your regional VPC and associate it with an Outpost just as you associate subnets with an Availability Zone in an AWS Region. Instances in Outpost subnets communicate with other instances in the AWS Region using private IP addresses, all within the same VPC.
Local gateway
Each Outpost provides a new local gateway (LGW) that allows you to connect your Outpost resources with your on-premises networks. LGW helps to enable low latency connectivity between the Outpost and any local data sources, end users, local machinery and equipment, or local databases.
Load Balancer
You can provision an Application Load Balancer (ALB) to distribute incoming HTTP(S) traffic across multiple targets on your Outposts, such as Amazon EC2 instances, containers, and IP addresses. ALB on Outposts is designed to operate in a single subnet, and scale up to the capacity available on the Outposts rack to meet varying levels of application load.
Private Connectivity
AWS Outposts Private Connectivity is designed so that you can establish a service link VPN connection from your Outposts to the AWS Region over AWS Direct Connect. Private Connectivity minimizes public internet exposure and removes the need for special firewall configurations.

AWS services on Outposts

You can run a variety of AWS services locally to build and run your applications on premises.
Upgrading services running on Outposts
As new versions of AWS services become available in the cloud, AWS services running locally on Outposts will be upgraded to the latest version.
Access regional services
AWS Outposts is designed to be an extension of the AWS Region. You can extend your Amazon Virtual Private Cloud on premises and connect to a broad range of services available in the AWS Region.

Security

Security model
AWS Outposts have an updated shared responsibility model underlying security. AWS is responsible for protecting Outposts’ infrastructure. Customers are responsible for securing their applications running on Outposts as they do in the Region. With Outposts, customers are also responsible for the physical security of their Outpost racks, and for ensuring consistent networking to the Outpost.
Securing data
Data-at-rest: Data on EBS volumes and in S3 objects on Outposts is encrypted at rest by default.

Data-in-transit: Data is encrypted in transit between Outposts and the AWS Region, through the Service Link.

Deleting data: All data is deleted when instances are terminated in the same way as in the AWS Region.

High availability

Outposts are designed for high availability with redundant top-of-rack networking switches, power elements, and built-in, active, additional capacity (if provisioned) to help enable auto recovery workflows the same way as in AWS Regions. Similar to AWS Auto Scaling in the cloud today, we recommend best practices for high availability deployments and auto recovery workflows for easy failover in case of any underlying host issue. Customers can deploy multiple Outposts at a site, each tied to a different Availability Zone for even higher availability. In addition, customers can use EC2 placement groups on AWS Outposts to help ensure instances within a group are placed on distinct Outposts racks to reduce the impact of hardware failures.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.