Q: Why would I use AWS Outposts instead of operating in an AWS Region?
You can use Outposts to support your applications that have low latency or local data processing requirements. These applications may need to generate near real-time responses to end user applications or need to communicate with other on-premises systems or control on-site equipment. These can include workloads running on factory floors for automated operations in manufacturing, real-time patient diagnosis or medical imaging, and content and media streaming. You can use Outposts to securely store and process customer data that needs to remain on premises or in countries where there is no AWS region. You can run data intensive workloads on Outposts and process data locally when transmitting data to the cloud is expensive and wasteful and for better control on data analysis, back-up and restore.
Q: In which regions is Outposts available?
Outposts is supported in the following regions and customers can connect their Outposts to the following regions:
|US East (Ohio)||us-east-2|
|US East (N. Virginia)||us-east-1|
|US West (N. California)||us-west-1|
|US West (Oregon)||us-west-2|
|South America (São Paulo)||sa-east-1|
|Middle East (Bahrain)||me-south-1|
|Africa (Cape Town)||af-south-1|
|Asia Pacific (Sydney)||ap-southeast-2|
|Asia Pacific (Tokyo)||ap-northeast-1|
|Asia Pacific (Seoul)||ap-northeast-2|
|Asia Pacific (Singapore)||ap-southeast-1|
|Asia Pacific (Hong Kong)||ap-east-1|
|Asia Pacific (Mumbai)||ap-south-1|
|AWS GovCloud (US-West)||us-gov-west-1|
|AWS GovCloud (US-East)||us-gov-east-1|
Q: In which countries will Outposts be available?
A: Outposts can be shipped to and installed in the following countries
- NA - US, Canada, Mexico
- EMEA - All EU countries, Switzerland, Norway, Bahrain, United Arab Emirates (UAE), and Kingdom of Saudi Arabia (KSA), Israel, South Africa
- APAC - Australia, New Zealand, Japan, South Korea, Hong Kong Special Administrative Region, Taiwan, Singapore, Indonesia, Malaysia, Thailand, India
- SA - Brazil
Support for more countries coming soon.
Q: Can I order an Outpost to a country where Outposts has not launched and link it back to a supported Region?
A: No, we can deliver and install Outposts only in countries where Outposts can be delivered and supported.
Q: Can I use Outposts when it is not connected to the AWS Region or in a disconnected environment?
An Outpost relies on connectivity to the parent AWS Region. Outposts are not designed for disconnected operations or environments with limited to no connectivity. We recommend that customers have highly available networking connections back to their AWS Region. If interested in leveraging AWS services in disconnected environments such as cruise ships or remote mining locations, learn more about AWS services such as Snowball Edge which is optimized to operate in environments with limited to no connectivity.
Q: Can I reuse my existing servers in an Outpost?
No, AWS Outposts leverages AWS designed infrastructure, and is only supported on AWS-designed hardware that is optimized for secure, high-performance, and reliable operations.
Q: Is there a software-only version of AWS Outposts?
No, AWS Outposts is a fully managed service that provides you with native access to AWS services.
Q: Can I order my own hardware that can be installed as part of my Outpost rack?
No, AWS Outposts provides fully integrated AWS designed configurations with built in top-of-rack switches and redundant power supply to ensure an ideal AWS experience. You can order as much compute and storage infrastructure as you need by selecting from the range of available Outpost options, or work with us to create a custom combination with your desired EC2, EBS, and S3 capacity. These are pre-validated and tested to ensure that you can get started quickly with no additional effort or configuration required on-site.
Q: Can I create EC2 instances using an EBS backed AMI on my Outposts?
A: Yes, you can launch EC2 instances using the AMIs backed with EBS gp2 volume types.
Q: Where are EBS snapshots stored?
A: Any EBS snapshots will be stored using Amazon S3 in the Region associated with your Outpost.
Q: What use cases are best suited to run on S3 on Outposts?
A: S3 on Outposts is ideal for customers with data residency requirements or those in regulated industries that need to securely store and process customer data that needs to remain on premises or in locations where there is no AWS region. Additionally, customers can use S3 on Outposts to run data intensive workloads to process data locally and store on-premises. S3 on Outposts will also help if you have applications that need to communicate with other on-premises systems or control on-site equipment, such as within a factory, hospital, or research facility.
Q: Is Application Load Balancer available on Outposts?
A: Yes, Application Load Balancer is available on Outposts in all commercial regions where Outposts is available.
Q: Can Outposts support real-time applications with low-latency requirements?
A: Yes, with RDS on AWS Outposts you can run managed MySQL and PostgreSQL databases on premises for low latency workloads that need to be run in close proximity to on premises data and applications. You can manage RDS databases both in the cloud and on premises using the same AWS Management Console, APIs, and CLI. For ultra low-latency applications, ElastiCache on Outposts enables sub-millisecond responses for real-time applications, including workloads running on factory floors for automated operations in manufacturing, real-time patient diagnosis, and media streaming.
Q: Can Outposts be used to meet data residency requirements?
A: Yes. Customer data can be configured to remain on Outposts using Amazon Elastic Block Store (EBS) and Amazon Simple Storage Service (S3) on Outposts, in the customer’s on-premises location or specified co-location facility. Well-architected applications using Outposts and AWS services and tools address the data residency requirements we most commonly hear from our customers. AWS Identity and Access Management (IAM) lets you control access to AWS resources. You can use IAM and granular data control rules to specify which types of data must remain on Outposts and cannot be replicated to the AWS Region. S3 on Outposts stores data on your Outpost by default, and you may choose to replicate some or all of your data to AWS Regions based on your specific residency requirements. ElastiCache on Outposts allows you to securely process customer data locally on the Outposts. Some limited meta-data (e.g. instance IDs, monitoring metrics, metering records, tags, bucket names, etc.) will flow back to the AWS Region.
To ensure your unique data residency requirements are met, we recommend you confirm and work closely with your compliance and security teams.
Q: Is Resource Sharing available on AWS Outposts?
A: Yes. AWS Resource Access Manager (RAM) is a service that enables you to share your AWS resources with any AWS account or within your AWS Organization. RAM support lets you, the Outpost owner, create and manage Outpost resources - EC2 instances, EBS volumes, subnets, and local gateways (LGWs) centrally, and share the resources across multiple AWS accounts within the same AWS organization. This allows others to configure
VPCs, launch and run instances, and create EBS volumes on the shared Outpost.
Getting started with ordering & installation
Q: Are there any prerequisites for deploying an Outpost at my location?
A: Your site must support the basic power, networking and space requirements to host an Outpost. Outposts need 5-15 kVA, can support 1/10/40/100 Gbps uplinks, and space for a 42U rack (80” X 24” X 48” dimensions). As Outposts require reliable network connectivity to the AWS Region, you should plan for a public internet connection. Customers must have Enterprise Support, which provides 24x7 remote support within 15 mins.
Security & compliance
Q: Do the same compliance certifications for AWS Services today apply for services on Outposts?
A: AWS Outposts is HIPAA eligible, PCI, SOC, and ISO compliant, and we expect to add more compliance certifications in coming months. You can see the latest certification status for AWS Services on Outposts on our Services in Scope page. As AWS Outposts runs at the customer’s data center, under the AWS Shared Responsibility model customers own the responsibility for physical security and access controls around the Outpost for compliance certification.
Q: Is AWS Outposts GxP Compatible?
A: Yes, AWS Outposts is GxP compatible. AWS Outposts extend AWS services to AWS-managed infrastructure that is physically located at a customer site. Outposts capacity can be accessed locally over a local gateway that is mapped to the customer’s local network, in addition to having a connection path back to the AWS Region. You can learn more about using the AWS Cloud, including Outposts, for GxP systems here. GxP-regulated life sciences organizations using AWS services are responsible for designing and verifying their GxP compliance.
Q: Who is responsible for the physical security of the Outposts at my datacenter?
A: AWS provides services that allow data to be encrypted at rest and in-transit and other granular security controls and auditing mechanisms. In addition, customer data is wrapped to a physical Nitro Security Key. Destroying the device is equivalent to destroying the data. As part of the shared responsibility model, customers are responsible for attesting to physical security and access controls around the Outpost, as well as environmental requirements for facility, networking, and power as published here. Prior to returning the Outpost hardware, the Nitro Security Key will be removed to ensure customer content is crypto shredded.
Support & maintenance
Q: How does AWS maintain AWS Outposts infrastructure?
A: When your Outpost is installed and is visible in the AWS Management Console, AWS will monitor it as part of the public Region and will automatically execute software upgrades and patches.
If there is a need to perform physical maintenance, AWS will reach out to schedule a time to visit your site. AWS may replace a given module as appropriate but will not perform any host or network switch servicing on customer premises.
Q: What happens when my facility's network connection goes down?
A: EC2 instances and EBS volumes on the Outpost will continue to operate normally and can be accessed locally via the local gateway. Similarly, AWS service resources such as ECS worker nodes continue to run locally. However, API availability will be degraded, for instance run/start/stop/terminate APIs may not work. Instance metrics and logs will continue to be cached locally for a few hours, and will be pushed to the AWS Region when connectivity returns. Disconnection beyond a few hours however may result in loss of metrics and logs. At this time, DNS queries on the Outpost to the Route 53 Resolver (aka AmazonProvidedDNS) also rely on the network link to the AWS Region, so default DNS resolution will stop working. If you expect to lose network connectivity, we strongly recommend regularly testing your workload to ensure it behaves properly in this state when an Outpost is disconnected.For S3 on Outposts, if the network connection to your Outpost is lost, you will not be able to access your objects. Requests to store and retrieve objects are authenticated using the regional AWS Identity and Access Management (IAM) service, and if the Outpost has no connectivity to the home AWS Region, you are not able to access your data. Your data remains safely stored on your Outpost during periods of disconnect, and once connectivity is restored authentication and requests can resume.
Q: What type of control plane information flows back to the parent Region?
A: As an example, information about instance health, instance activity (launched, stopped), and the underlying hypervisor system may be sent back to the parent AWS Region. This information enables AWS to provide alerting on instance health and capacity, and apply patches and updates to the Outpost. Your team does not need to implement your own tooling to manage these elements, or to actively push security updates and patches for your Outpost. For S3 on Outposts, certain data management and telemetry data, such as bucket names and metrics, may be stored in the AWS Region for reporting and management. When disconnected, this information cannot be sent back to the parent Region.