What does this AWS Solutions Implementation do?

This solution enables you to quickly deploy a secure, scalable, multi-account environment in AWS GovCloud (US) based on AWS best practices. This solution is architected to follow the Defense Information Systems Agency (DISA) Cloud Computing Security Requirements Guide (CC SRG) for hosting Impact Level (IL) 4 and 5 workloads in the cloud. Using this solution, you can quickly deploy an architecture baseline that accommodates U.S. federal and Department of Defense (DoD) requirements to rapidly achieve Authority to Operate (ATO). In addition, this solution is architected to support and accelerate DoD Cybersecurity Maturity Model Certification (CMMC) readiness.

With the large number of design choices, setting up a multi-account environment can take a significant amount of time and require a deep understanding of AWS services. This solution helps you by automating the setup of an initial cloud environment, suitable for hosting these secure workloads.

It also provides the following:

  • complementary functionality, including tenant account creation and management
  • identity and access management
  • data security and governance
  • core networking
  • centralized logging

AWS Solutions Implementation overview

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.


Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US) Solutions Implementation architecture

The AWS CloudFormation template deploys an AWS Step Functions workflow that runs a series of tasks to deploy the solution. These tasks are implemented as AWS Lambda functions (used to initialize AWS Organizations and create AWS GovCloud (US) accounts) and an AWS CodeBuild project that orchestrates the deployment of the solution into the newly created AWS accounts. Additionally, an Amazon Simple Notification Service (Amazon SNS) topic is created to track the deployment status of this solution. AWS CodePipeline deploys AWS CloudFormation templates that initialize the hosting environment for your workloads.

Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US)

Version 1.0.0
Released: 12/2020
Author: AWS

Estimated deployment time: 90 min


Features

Automation

Automatically set up a cloud environment suitable for hosting secure workloads.

Data security

Deploy the solution in an AWS Region suitable for the classification of your data.

Compliance

This solution is designed to meet the compliance requirements for Defense Information Systems Agency (DISA) Cloud Computing Security Requirements Guide (CC SRG) and Secure Cloud Computing Architecture (SCCA).