Q: Why would I use AWS Outposts instead of operating in an AWS Region?
You can use Outposts to support your applications that have low latency or local data processing requirements. These applications may need to generate near real-time responses to end user applications or need to communicate with other on-premises systems or control on-site equipment. These can include workloads running on factory floors for automated operations in manufacturing, real-time patient diagnosis or medical imaging, and content and media streaming. You can use Outposts to securely store and process customer data that needs to remain on premises or in countries where there is no AWS region. You can run data intensive workloads on Outposts and process data locally when transmitting data to the cloud is expensive and wasteful and for better control on data analysis, back-up and restore.
Q: In which regions is Outposts available?
Outposts is supported in the following regions and customers can connect their Outposts to the following regions:
|US East (Ohio)||us-east-2|
|US East (N. Virginia)||us-east-1|
|US West (N. California)||us-west-1|
|US West (Oregon)||us-west-2|
|South America (São Paulo)||sa-east-1|
|Middle East (Bahrain)||me-south-1|
|Africa (Cape Town)||af-south-1|
|Asia Pacific (Sydney)||ap-southeast-2|
|Asia Pacific (Tokyo)||ap-northeast-1|
|Asia Pacific (Seoul)||ap-northeast-2|
|Asia Pacific (Singapore)||ap-southeast-1|
|Asia Pacific (Hong Kong)||ap-east-1|
|Asia Pacific (Mumbai)||ap-south-1|
|AWS GovCloud (US-West)||us-gov-west-1|
|AWS GovCloud (US-East)||us-gov-east-1|
Q: In which countries will Outposts be available?
A: Outposts can be shipped to and installed in the following countries
- NA - US, Canada, Mexico
- EMEA - All EU countries, Switzerland, Norway, Bahrain, United Arab Emirates (UAE), and Kingdom of Saudi Arabia (KSA), Israel, South Africa
- APAC - Australia, New Zealand, Japan, South Korea, Hong Kong Special Administrative Region, Taiwan, Singapore, Indonesia, Malaysia, Thailand, India
- SA - Brazil
Support for more countries coming soon.
Q: Can I order an Outpost to a country where Outposts has not launched and link it back to a supported Region?
A: No, we can deliver and install Outposts only in countries where Outposts can be delivered and supported.
Q: Can I use Outposts when it is not connected to the AWS Region or in a disconnected environment?
An Outpost relies on connectivity to the parent AWS Region. Outposts are not designed for disconnected operations or environments with limited to no connectivity. We recommend that customers have highly available networking connections back to their AWS Region. If interested in leveraging AWS services in disconnected environments such as cruise ships or remote mining locations, learn more about AWS services such as Snowball Edge which is optimized to operate in environments with limited to no connectivity.
Q: Can Outposts be used to meet data sovereignty requirements?
Yes. Customer data (compute, storage) stay resident on the Outposts, in the customer’s on-premises location or specified co-location facility. As well, AWS provides services that allow data to be encrypted at rest and in-transit and other granular security controls and auditing mechanisms. Well-architected applications using Outposts and AWS services and tools address the data residency requirements we most commonly hear from our customers. Customers may choose to replicate data between Outposts or to an AWS Region. Some limited meta-data (e.g. instance IDs, monitoring metrics, metering records, tags, etc.) will flow back to the AWS Region. We recommend you confirm with your compliance teams to ensure your particular requirements are met.
Q: Can S3 for Outposts support data residency or sovereignty requirements?
Yes. S3 for Outposts data stay on your Outpost by default. Customers may choose to replicate some or all of their data to AWS Regions based on their specific residency requirements. Certain control plane data, such as bucket names and metrics may be stored in the AWS Region for reporting and management. More detail will be available when S3 for Outposts is generally available.
Q: Can I reuse my existing servers in an Outpost?
No, AWS Outposts leverages AWS designed infrastructure, and is only supported on AWS-designed hardware that is optimized for secure, high-performance, and reliable operations.
Q: Is there a software-only version of AWS Outposts?
No, AWS Outposts is a fully managed service that provides you with native access to AWS services.
Q: Can I order my own hardware that can be installed as part of my Outpost rack?
No, AWS Outposts provides fully integrated AWS designed configurations with built in top-of-rack switches and redundant power supply to ensure an ideal AWS experience. You can order as much compute and storage infrastructure as you need by selecting from the range of available Outpost options, or work with us to create a custom combination with your desired EC2 and EBS capacity. These are pre-validated and tested to ensure that you can get started quickly with no additional effort or configuration required on-site.
Q: Can I create EC2 instances using an EBS backed AMI on my Outposts?
A: Yes, you can launch EC2 instances using the AMIs backed with EBS gp2 volume types..
Q: Where are EBS snapshots stored?
A: Any EBS snapshots will be stored using Amazon S3 in the Region associated with your Outpost.
Q: Is Application Load Balancer available on Outposts?
A: Yes, Application Load Balancer is available on Outposts in all commercial regions where Outposts is available.
Q: How can I establish network connectivity between my Outposts and the AWS Region?
A: Yes. You can choose to establish Outposts ServiceLink VPN connection to the parent AWS Region via an AWS Direct Connect private connectivity or public virtual interface or public Internet.
Q: When should I use a private VPC to connect my Outposts to the AWS Region, instead of a public VPN?
A: You can connect your Outposts ServiceLink VPN to public endpoints (IP’s) in the AWS Region, if you do not have stringent data security requirements. If you do, you will need to minimize exposure to the public internet by securing your data and traffic running over the ServiceLink by leveraging your own VPCs and DirectConnect. If you have stringent data security requirements but do not yet have DirectConnect, you will need to acquire DirectConnect first before connecting the ServiceLink between your Outposts infrastructure and the AWS Region using DirectConnect and your own private VPCs.
Getting started with ordering & installation
Q: Are there any prerequisites for deploying an Outpost at my location?
A: Your site must support the basic power, networking and space requirements to host an Outpost. Outposts need 5-15 kVA, can support 1/10/40/100 Gbps uplinks, and space for a 42U rack (80” X 24” X 48” dimensions). As Outposts require reliable network connectivity to the AWS Region, you should plan for a public internet connection. Customers must have Enterprise Support, which provides 24x7 remote support within 15 mins.
Security & compliance
Q: Do the same compliance certifications for AWS Services today apply for services on Outposts?
A: AWS Outposts is HIPAA eligible, PCI and ISO compliant, and we expect to add more compliance certifications in coming months. You can see the latest certification status for AWS Services on Outposts on our Services in Scope page. As AWS Outposts runs at the customer’s data center, under the AWS Shared Responsibility model customers own the responsibility for physical security and access controls around the Outpost for compliance certification.
Q: Who is responsible for the physical security of the Outposts at my datacenter?
A: AWS provides services that allow data to be encrypted at rest and in-transit and other granular security controls and auditing mechanisms. In addition, customer data is wrapped to a physical Nitro Secure key. Destroying the device is equivalent to destroying the data. In the shared responsibility model, customers are responsible for attesting to physical security and access controls around the Outpost as part of a shared responsibility model.
Support & maintenance
Q: How does AWS maintain AWS Outposts infrastructure?
A: When your Outpost is installed and is visible in the AWS Management Console, AWS will monitor it as part of the public Region and will automatically execute software upgrades and patches.
If there is a need to perform physical maintenance, AWS will reach out to schedule a time to visit your site. AWS may replace a given module as appropriate but will not perform any host or network switch servicing on customer premises.
Q: What happens when my facility's network connection goes down?
A: EC2 instances and EBS volumes on the Outpost will continue to operate normally and can be accessed locally via the local gateway. Similarly, AWS service resources such as ECS worker nodes continue to run locally. However, API availability will be degraded, for instance run/start/stop/terminate APIs may not work. Instance metrics and logs will continue to be cached locally for a few hours, and will be pushed to the AWS Region when connectivity returns. Disconnection beyond a few hours however may result in loss of metrics and logs. At this time, DNS queries on the Outpost to the Route 53 Resolver (aka AmazonProvidedDNS) also rely on the network link to the AWS Region, so default DNS resolution will stop working. If you expect to lose network connectivity, we strongly recommend regularly testing your workload to ensure it behaves properly in this state when an Outpost is disconnected.
Q: What type of control plane information flows back to the parent Region?
A: As an example, information about instance health, instance activity (launched, stopped), and the underlying hypervisor system may be sent back to the parent AWS Region. This information enables AWS to provide alerting on instance health and capacity, and apply patches and updates to the Outpost. Your team does not need to implement your own tooling to manage these elements, or to actively push security updates and patches for your Outpost. When disconnected, this information cannot be sent back to the parent Region.