Q: Why would I use AWS Outposts instead of operating in an AWS Region?
A: You can use Outposts to support your applications that have low latency or local data processing requirements. These applications may need to generate near real-time responses to end user applications or need to communicate with other on-premises systems or control on-site equipment. These can include workloads running on factory floors for automated operations in manufacturing, real-time patient diagnosis or medical imaging, and content and media streaming. You can use Outposts to securely store and process customer data that needs to remain on premises or in countries where there is no AWS region. You can run data intensive workloads on Outposts and process data locally when transmitting data to the cloud is expensive and wasteful and for better control on data analysis, back-up and restore.
Q: In which regions is Outposts available?
Outposts is supported in the following regions and customers can connect their Outposts to the following regions:
|US East (Ohio)||us-east-2|
|US East (N. Virginia)||us-east-1|
|US West (N. California)||us-west-1|
|US West (Oregon)||us-west-2|
|South America (São Paulo)||sa-east-1|
|Middle East (Bahrain)||me-south-1|
|Africa (Cape Town)||af-south-1|
|Asia Pacific (Sydney)||ap-southeast-2|
|Asia Pacific (Tokyo)||ap-northeast-1|
|Asia Pacific (Seoul)||ap-northeast-2|
|Asia Pacific (Singapore)||ap-southeast-1|
|Asia Pacific (Hong Kong)||ap-east-1|
|Asia Pacific (Mumbai)||ap-south-1|
|Asia Pacific (Osaka)||ap-northeast-3|
|AWS GovCloud (US-West)||us-gov-west-1|
|AWS GovCloud (US-East)||us-gov-east-1|
Q: In which countries and territories will Outposts be available?
A: Outposts can be shipped to and installed in the following countries and territories.
- NA - US, Canada, Mexico
- EMEA - All EU countries, United Kingdom (UK), Switzerland, Norway, Bahrain, United Arab Emirates (UAE), Kingdom of Saudi Arabia (KSA)*, Israel, South Africa, Gibraltar
- APAC - Australia, New Zealand, Japan, South Korea, Hong Kong Special Administrative Region, Macau, Taiwan, Singapore, Indonesia, Malaysia, Thailand, the Philippines, Brunei, India
- SA - Brazil, Colombia**, Argentina***, Chile, Peru
- CA - Puerto Rico
Support for more countries and territories are coming soon.
* Outposts availability in KSA is pending authorization.
** Outposts is available in Bogota and Valle del Cauca with support for additional departments coming soon.
*** Outposts is available in Buenos Aires and Santa Fe provinces with support for additional provinces coming soon.
Q: Can I order an Outpost to a country where Outposts has not launched and link it back to a supported Region?
A: No, we can deliver and install Outposts only in countries where Outposts can be delivered and supported.
Q: Can I use Outposts when it is not connected to the AWS Region or in a disconnected environment?
A: An Outpost relies on connectivity to the parent AWS Region. Outposts are not designed for disconnected operations or environments with limited to no connectivity. We recommend that customers have highly available networking connections back to their AWS Region. If interested in leveraging AWS services in disconnected environments such as cruise ships or remote mining locations, learn more about AWS services such as Snowball Edge which is optimized to operate in environments with limited to no connectivity.
Q: Can I reuse my existing servers in an Outpost?
A: No, AWS Outposts leverages AWS designed infrastructure, and is only supported on AWS-designed hardware that is optimized for secure, high-performance, and reliable operations.
Q: Is there a software-only version of AWS Outposts?
A: No, AWS Outposts is a fully managed service that provides you with native access to AWS services.
Q: Can I order my own hardware that can be installed as part of my Outpost rack?
A: No, AWS Outposts provides fully integrated AWS designed configurations with built in top-of-rack switches and redundant power supply to ensure an ideal AWS experience. You can order as much compute and storage infrastructure as you need by selecting from the range of available Outpost options, or work with us to create a custom combination with your desired EC2, EBS, and S3 capacity. These are pre-validated and tested to ensure that you can get started quickly with no additional effort or configuration required on-site.
Outposts 1U and 2U form factors
Q: What are AWS Outposts 1U and 2U form factors?
A: AWS Outposts 1U and 2U form factors are rack-mountable servers that will provide local compute and networking services to edge locations that have limited space or smaller capacity requirements. Outposts servers can be installed by onsite personnel or with an AWS preferred third-party contractor. You can use the same AWS APIs, control plane, and tools that you’re familiar with to manage servers across hundreds or thousands of on-premises locations.
The 1U form factor is suitable for 19-inch wide, 24-inch deep cabinets and uses an AWS Graviton2 processor to provide 64 vCPUs, 128 GiB memory, and 4 TB of local NVMe storage. The 2U form factor is suitable for standard 19-inch wide, 36-inch deep cabinets, and uses an Intel processor to provide up to 128 vCPUs, 256 GiB memory, and 4 TB of local NVMe.
Q: How will customers deploy and manage applications on AWS Outposts servers?
A: Customers will deploy and manage applications on servers using the same tools they use for workloads running on Outposts racks or in the AWS Region. Customers will launch resources by targeting the unique identifier (Outpost ID) that is associated with virtualized capacity on a server. Outposts servers will support local EC2 for compute, ECS and EKS for containers, and VPC for networking.
For higher availability, customers will be able to configure redundancy across devices.
For fleet management, Outposts servers will generate the same capacity and network monitoring metrics as Outposts racks. As customers scale across many sites, they will group devices and target deployments by using resource tags to associate devices within their fleet as they would for resources running in the AWS Region. Customers will use deployment management tools, like CloudFormation, CodeDeploy, and Terraform.
Q: How can I learn more?
A: AWS Outposts 1U and 2U form factors will be available in 2021. You can learn more by signing up, here.
Q: Can I create EC2 instances using an EBS backed AMI on my Outposts?
A: Yes, you can launch EC2 instances using the AMIs backed with EBS gp2 volume types.
Q: Where are EBS snapshots stored?
A: EBS snapshots of EBS Volumes on Outposts are stored by default on Amazon S3 in the Region. If the Outposts is provisioned with Amazon S3 on Outposts you have the option to store your snapshots locally on your Outpost. EBS snapshots are incremental which means that only the blocks on your Outpost that have changed after your most recent snapshot are saved. You can at any time restore (hydrate) EBS Volume on Outposts from the stored snapshots. To learn more, visit the EBS Snapshots documentation.
Q: How do I enforce data residency on Outposts using EBS Local Snapshots on Outposts?
A: You can set resource-level IAM policies and permissions on your Outpost for EBS Local Snapshots on Outposts and AMI images to enforce data residency. Each account (or IAM user or role) can set up a data residency enforcement policy for single or multiple Outposts. This will block the creation or copy of local snapshots and images as well as API/CLI calls outside the specified Outposts ARN. All of the create, update, and copy operations are logged in CloudTrail audit logs, so you can track that local snapshots reside in your location. To learn more, visit the EBS Snapshots documentation.
Q: What use cases are best suited to run on S3 on Outposts?
A: S3 on Outposts is ideal for customers with data residency requirements or those in regulated industries that need to securely store and process customer data that needs to remain on premises or in locations where there is no AWS region. Additionally, customers can use S3 on Outposts to run data intensive workloads to process data locally and store on-premises. S3 on Outposts will also help if you have applications that need to communicate with other on-premises systems or control on-site equipment, such as within a factory, hospital, or research facility.
Q: How can I establish network connectivity between my Outposts and the AWS Region?
You can choose to establish Outposts service link VPN connection to the parent AWS Region via an AWS Direct Connect private connection, a public virtual interface, or the public Internet.
Q: Is Application Load Balancer available on Outposts?
A: Yes, Application Load Balancer is available on Outposts in all commercial regions where Outposts is available.
Q: Can Outposts support real-time applications with low-latency requirements?
A: Yes, with RDS on AWS Outposts you can run managed Microsoft SQL Server, MySQL, and PostgreSQL databases on premises for low latency workloads that need to be run in close proximity to on premises data and applications. You can manage RDS databases both in the cloud and on premises using the same AWS Management Console, APIs, and CLI. For ultra low-latency applications, ElastiCache on Outposts enables sub-millisecond responses for real-time applications, including workloads running on factory floors for automated operations in manufacturing, real-time patient diagnosis, and media streaming.
Q: Can Outposts be used to meet data residency requirements?
A: Yes. Customer data can be configured to remain on Outposts using Amazon Elastic Block Store (EBS) and Amazon Simple Storage Service (S3) on Outposts, in the customer’s on-premises location or specified co-location facility. Well-architected applications using Outposts and AWS services and tools address the data residency requirements we most commonly hear from our customers. AWS Identity and Access Management (IAM) lets you control access to AWS resources. You can use IAM and granular data control rules to specify which types of data must remain on Outposts and cannot be replicated to the AWS Region. S3 on Outposts stores data on your Outpost by default, and you may choose to replicate some or all of your data to AWS Regions based on your specific residency requirements. ElastiCache on Outposts allows you to securely process customer data locally on the Outposts. Some limited meta-data (e.g. instance IDs, monitoring metrics, metering records, tags, bucket names, etc.) will flow back to the AWS Region.
To ensure your unique data residency requirements are met, we recommend you confirm and work closely with your compliance and security teams.
Q: Is Resource Sharing available on AWS Outposts?
A: Yes. AWS Resource Access Manager (RAM) is a service that enables you to share your AWS resources with any AWS account or within your AWS Organization. RAM support lets you, the Outpost owner, create and manage Outpost resources - EC2 instances, EBS volumes, subnets, and local gateways (LGWs) centrally, and share the resources across multiple AWS accounts within the same AWS organization. This allows others to configure
VPCs, launch and run instances, and create EBS volumes on the shared Outpost.
Q: Which EC2 instances are available on Outposts?
A: EC2 instances built on the AWS Nitro System, for general purpose, compute optimized, memory optimized, storage optimized, and GPU optimized with Intel Xeon Scalable processor are supported on AWS Outposts, and Graviton processors based EC2 instances are coming soon.
Getting started with ordering & installation
Q: Are there any prerequisites for deploying an Outpost at my location?
A: Your site must support the basic power, networking and space requirements to host an Outpost. Outposts need 5-15 kVA, can support 1/10/40/100 Gbps uplinks, and space for a 42U rack (80” X 24” X 48” dimensions). As Outposts require reliable network connectivity to the AWS Region, you should plan for a public internet connection. Customers must have Enterprise Support, which provides 24x7 remote support within 15 mins.
Security & compliance
Q: Do the same compliance certifications for AWS Services today apply for services on Outposts?
A: AWS Outposts itself is HIPAA eligible, PCI, SOC, ISMAP, IRAP and FINMA compliant, ISO and CSA STAR certified, and we expect to add more compliance certifications in coming months. You can see the latest certification status for AWS Services on Outposts on our Services in Scope page. AWS Services on Outposts like RDS or Elasticache Redis that have achieved certifications like PCI are also considered certified on Outposts. As AWS Outposts runs at the customer’s data center, under the AWS Shared Responsibility model customers own the responsibility for physical security and access controls around the Outpost for compliance certification.
Q: Is AWS Outposts GxP Compatible?
A: Yes, AWS Outposts is GxP compatible. AWS Outposts extend AWS services to AWS-managed infrastructure that is physically located at a customer site. Outposts capacity can be accessed locally over a local gateway that is mapped to the customer’s local network, in addition to having a connection path back to the AWS Region. You can learn more about using the AWS Cloud, including Outposts, for GxP systems here. GxP-regulated life sciences organizations using AWS services are responsible for designing and verifying their GxP compliance.
Q: Who is responsible for the physical security of the Outposts at my datacenter?
A: AWS provides services that allow data to be encrypted at rest and in-transit and other granular security controls and auditing mechanisms. In addition, customer data is wrapped to a physical Nitro Security Key. Destroying the device is equivalent to destroying the data. As part of the shared responsibility model, customers are responsible for attesting to physical security and access controls around the Outpost, as well as environmental requirements for facility, networking, and power as published here. Prior to returning the Outpost hardware, the Nitro Security Key will be removed to ensure customer content is crypto shredded.
Support & maintenance
Q: How does AWS maintain AWS Outposts infrastructure?
A: When your Outpost is installed and is visible in the AWS Management Console, AWS will monitor it as part of the public Region and will automatically execute software upgrades and patches.
If there is a need to perform physical maintenance, AWS will reach out to schedule a time to visit your site. AWS may replace a given module as appropriate but will not perform any host or network switch servicing on customer premises.
Q: What happens when my facility's network connection goes down?
A: EC2 instances and EBS volumes on the Outpost will continue to operate normally and can be accessed locally via the local gateway. Similarly, AWS service resources such as ECS worker nodes continue to run locally. However, API availability will be degraded, for instance run/start/stop/terminate APIs may not work. Instance metrics and logs will continue to be cached locally for a few hours, and will be pushed to the AWS Region when connectivity returns. Disconnection beyond a few hours however may result in loss of metrics and logs. At this time, DNS queries on the Outpost to the Route 53 Resolver (aka AmazonProvidedDNS) also rely on the network link to the AWS Region, so default DNS resolution will stop working. If you expect to lose network connectivity, we strongly recommend regularly testing your workload to ensure it behaves properly in this state when an Outpost is disconnected.For S3 on Outposts, if the network connection to your Outpost is lost, you will not be able to access your objects. Requests to store and retrieve objects are authenticated using the regional AWS Identity and Access Management (IAM) service, and if the Outpost has no connectivity to the home AWS Region, you are not able to access your data. Your data remains safely stored on your Outpost during periods of disconnect, and once connectivity is restored authentication and requests can resume.
Q: What type of control plane information flows back to the parent Region?
A: As an example, information about instance health, instance activity (launched, stopped), and the underlying hypervisor system may be sent back to the parent AWS Region. This information enables AWS to provide alerting on instance health and capacity, and apply patches and updates to the Outpost. Your team does not need to implement your own tooling to manage these elements, or to actively push security updates and patches for your Outpost. For S3 on Outposts, certain data management and telemetry data, such as bucket names and metrics, may be stored in the AWS Region for reporting and management. When disconnected, this information cannot be sent back to the parent Region.
Q. How does AWS support adding capacity to existing Outposts?
A: There are two mechanisms to increase your compute and storage capacity of your AWS Outposts rack. First, you can increase capacity by adding additional Outposts racks from the Outposts catalog. Second, if your existing Outposts racks have available power and positions within the rack, you can increase from a “small” to a “medium” or “large” configuration, or from a” medium” to a “large” configuration. You will be able to add compute and storage capacity a maximum of twice within a rack that supports 10KVA – 15KVA power consumption. Note: The 1U and 2U Outpost servers cannot be installed in the 42U Outpost form factor.