AWS Public Sector Blog

Category: Technical How-to

Encryption-in-transit for public sector workloads with AWS Nitro Enclaves and AWS Certificate Manager

Government, education, nonprofit, healthcare, and other public sector organizations process and store sensitive data including health records, tax data, PII, student data, criminal justice information, and financial data. These workloads carry stringent security and compliance requirements to protect the confidentiality, integrity, and availability of this data both in transit and at rest. Best practices for protecting data in transit include enforcing clearly defined encryption requirements, authenticating network communications, and implementing secure key and certificate management. In this post, I demonstrate a solution for deploying a highly available, fault-tolerant web service with managed certificates, where TLS termination is performed on customer-managed Amazon EC2 Nitro instances using AWS Certificate Manager (ACM) for Nitro Enclaves.

How NLCHI provides hybrid access to their EHR system through AWS PrivateLink

The Newfoundland and Labrador Centre for Health Information (NLCHI) provides quality information to health professionals, the public, researchers, and health system decision makers. Through collaboration with the health system, NLCHI supports the development of data and technical standards, maintains key health databases, carries out analytics and evaluation, and supports health research. This post details how NLCHI is able to provide secure and scalable access to their on-premises provincial electronic health record (EHR) system, by trusted and authorized partners who run on AWS, through the use of AWS PrivateLink, Network Load Balancer, and AWS Site-to-Site VPN.

Sharing MATLAB applications on AWS using the MATLAB Web App Server

If you are a researcher or scientist, you may be familiar with MATLAB, a computational analysis tool produced by MathWorks. And if you work in higher education, you may work with individuals and groups outside of your organization for data collection or the analysis of that data. Learn how to extend the reach of MATLAB applications on AWS by using the MATLAB Web App Server.

Access AWS GovCloud (US) through the CLI with Azure AD credentials

Providing access to AWS GovCloud (US) through Azure AD reduces the number of credentials administrators need to manage and use, and can also increase account security by reusing the same multi-factor authentication (MFA) mechanism already enforced in Azure AD. This access also allows scripts and programs to manage resources in the AWS accounts. This post walks through using an open-source utility called saml2aws to provide programmatic access to AWS for Azure AD users.

How to meet business data resiliency with Amazon S3 cross-Region replication

Even though Amazon S3 provides regional data resiliency, customers often have compliance and business requirements to replicate their data to a second Region that is hundreds (or even thousands) of miles away from their primary location. Amazon S3 replication provides an automatic mechanism to make identical copies of your objects in a destination Region of your choice. Replication enables automatic, asynchronous copying of objects across S3 buckets. Learn how to configure S3 Cross-Region Replication with S3 Replication Time Control (RTC), set up event notifications for S3 replication events, and configure Amazon CloudWatch alarms on the replication metrics.
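The three pieces the post walks through (the replication rule with RTC, the replication event notifications, and a CloudWatch alarm on the replication metrics) fit together as shown in this added example. It is not code from the post; the bucket, role and SNS topic names are placeholders (assumptions), and the boto3 clients are injected so the builders and the validation can run without AWS access.

```python
"""Build, validate and apply an S3 Cross-Region Replication configuration
with Replication Time Control (RTC), plus the event notifications and the
CloudWatch alarm that watch it. Added example, not code from the post;
the bucket, role and topic names below are placeholders (assumptions)."""

# Constructed placeholders: substitute your own resources.
SOURCE_BUCKET = "example-records-us-east-1"
DEST_BUCKET = "example-records-us-west-2"
REPLICATION_ROLE_ARN = "arn:aws:iam::123456789012:role/s3-replication-role"
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:s3-replication-alerts"
RULE_ID = "rtc-all-objects"
RTC_MINUTES = 15  # the only value S3 accepts for RTC and its event threshold

# S3 event types that exist only when replication metrics/RTC are enabled.
REPLICATION_EVENTS = [
    "s3:Replication:OperationFailedReplication",
    "s3:Replication:OperationMissedThreshold",
    "s3:Replication:OperationReplicatedAfterThreshold",
    "s3:Replication:OperationNotTracked",
]


def build_replication_config(role_arn, dest_bucket, rule_id=RULE_ID, prefix=""):
    """put_bucket_replication payload in the V2 rule schema (Filter + Priority)."""
    return {
        "Role": role_arn,
        "Rules": [{
            "ID": rule_id,
            "Priority": 1,
            "Status": "Enabled",
            "Filter": {"Prefix": prefix},
            "DeleteMarkerReplication": {"Status": "Disabled"},
            "Destination": {
                "Bucket": f"arn:aws:s3:::{dest_bucket}",
                "ReplicationTime": {"Status": "Enabled",
                                    "Time": {"Minutes": RTC_MINUTES}},
                # RTC is only accepted together with replication metrics.
                "Metrics": {"Status": "Enabled",
                            "EventThreshold": {"Minutes": RTC_MINUTES}},
            },
        }],
    }


def validate_rtc_config(config):
    """Return the problems S3 rejects, or that silently weaken the RTC SLA."""
    problems = []
    if not str(config.get("Role", "")).startswith("arn:aws"):
        problems.append("Role must be an IAM role ARN")
    for rule in config.get("Rules", []):
        rid = rule.get("ID", "<no id>")
        dest = rule.get("Destination", {})
        rtc = dest.get("ReplicationTime", {})
        if rtc.get("Status") == "Enabled":
            if dest.get("Metrics", {}).get("Status") != "Enabled":
                problems.append(f"{rid}: RTC requires Metrics to be Enabled")
            if rtc.get("Time", {}).get("Minutes") != RTC_MINUTES:
                problems.append(f"{rid}: RTC Time must be {RTC_MINUTES} minutes")
        if "Filter" in rule and not all(k in rule for k in ("Priority", "DeleteMarkerReplication")):
            problems.append(f"{rid}: rules with Filter need Priority and DeleteMarkerReplication")
        if rule.get("Status") != "Enabled":
            problems.append(f"{rid}: rule is not Enabled")
    return problems


def build_notification_config(topic_arn):
    """put_bucket_notification_configuration payload routing RTC events to SNS."""
    return {"TopicConfigurations": [{
        "Id": "replication-events", "TopicArn": topic_arn, "Events": REPLICATION_EVENTS,
    }]}


def build_failed_replication_alarm(source_bucket, dest_bucket, rule_id, topic_arn):
    """put_metric_alarm payload: any failed replication operation in a 5-minute window."""
    return {
        "AlarmName": f"{source_bucket}-replication-failed",
        "Namespace": "AWS/S3",
        "MetricName": "OperationsFailedReplication",
        "Dimensions": [{"Name": "SourceBucket", "Value": source_bucket},
                       {"Name": "DestinationBucket", "Value": dest_bucket},
                       {"Name": "RuleId", "Value": rule_id}],
        "Statistic": "Sum", "Period": 300, "EvaluationPeriods": 1,
        "Threshold": 0, "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",  # a quiet bucket is not a failure
        "AlarmActions": [topic_arn],
    }


def apply(s3, cloudwatch):
    """Apply all three pieces; clients are injected so this stays testable offline."""
    config = build_replication_config(REPLICATION_ROLE_ARN, DEST_BUCKET)
    problems = validate_rtc_config(config)
    if problems:
        raise ValueError("; ".join(problems))
    s3.put_bucket_replication(Bucket=SOURCE_BUCKET, ReplicationConfiguration=config)
    s3.put_bucket_notification_configuration(
        Bucket=SOURCE_BUCKET, NotificationConfiguration=build_notification_config(SNS_TOPIC_ARN))
    cloudwatch.put_metric_alarm(
        **build_failed_replication_alarm(SOURCE_BUCKET, DEST_BUCKET, RULE_ID, SNS_TOPIC_ARN))


if __name__ == "__main__":
    import boto3  # both buckets must already have versioning enabled
    apply(boto3.client("s3"), boto3.client("cloudwatch"))
```

The validation step is the part worth keeping: RTC is rejected without replication metrics, the RTC time and event threshold only accept 15 minutes, and a rule that carries a Filter must also carry Priority and DeleteMarkerReplication. The alarm treats missing data as not breaching so a bucket with no writes in a period does not page anyone.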

Keeping Canadians safe while protecting their privacy: COVID Alert app

The Government of Canada (GC) set ambitious goals at the onset of COVID-19. One goal: to offer a mobile app to notify its users of possible exposures before symptoms appear in a way that wouldn’t jeopardize their privacy. In July, the GC released the COVID Alert app, an exposure notification application. COVID Alert doesn’t require users to enter—nor does it obtain from the mobile device—any personally identifiable information (PII) and doesn’t use location tracking. Let’s take a look at COVID Alert app’s cloud-based architecture and how the app is helping slow the spread of COVID-19, and helping keep Canadians safe while protecting privacy.

An introduction to AWS for research IT: Getting started in the cloud

The cloud can help researchers process complex workloads, store and analyze enormous amounts of data, collaborate globally, and accelerate research and innovation. For research IT, Amazon Web Services (AWS) can help build scalable, cost-effective, and flexible environments while still maintaining the governance and guardrails for security and compliance. Following best practices, AWS allows for centralized management of resources, improved security and compliance of research workloads, and can save costs and accelerate innovation. What are some common questions from research IT customers?

Live streaming to Facebook and YouTube with AWS Elemental MediaLive

The COVID-19 pandemic pressed organizations to virtualize events that would have previously been held in person, like town halls, school board meetings, public health announcements, and more. While larger organizations may have existing media departments, smaller organizations have had to find ways to utilize social media and other consumer-grade resources to stream these events online. This post walks through how to use AWS Elemental MediaLive to stream to Facebook Live and YouTube Live using an AWS CloudFormation stack to stand up resources automatically.

Photo by Hunter Harritt on Unsplash

Modern data engineering in higher ed: Doing DataOps atop a data lake on AWS

Modern data engineering covers several key components of building a modern data lake. Most databases and data warehouses, to an extent, do not lend themselves well to a DevOps model. DataOps grew out of frustrations trying to build a scalable, reusable data pipeline in an automated fashion. DataOps was founded on applying DevOps principles on top of data lakes to help build automated solutions in a more agile manner. With DataOps, users apply principles of data processing on the data lake to curate and collect the transformed data for downstream processing. One reason that DevOps was hard on databases was that testing was hard to automate on such systems. At the California State University Chancellor's Office (CSUCO), we took a different approach by placing most of our logic in a programming framework that allows us to build a testable platform. Learn how to apply DataOps in ten steps.

Enabling SAML 2.0 federation with AWS IAM Identity Center and AWS GovCloud (US)

AWS IAM Identity Center helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using IAM Identity Center as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. IAM Identity Center does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. IAM Identity Center is also not currently available in AWS GovCloud (US). As a result, IAM Identity Center cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in IAM Identity Center.
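Both GovCloud federation posts on this page (the saml2aws walkthrough for Azure AD users and the custom SAML 2.0 application in IAM Identity Center) end at the same AWS-side configuration: a SAML provider and a role in the GovCloud account, a trust policy bound to the GovCloud sign-in audience, and a Role attribute in the assertion whose ARNs use the aws-us-gov partition. The added example below assembles and checks those pieces; it is not code from either post, and the account ID, provider name and role name are placeholders (assumptions). When saml2aws is the client, the role it lets you pick is the second half of the Role attribute pair built here.

```python
"""The AWS-side pieces a SAML 2.0 federation into AWS GovCloud (US) needs,
whether the assertion comes from an IAM Identity Center custom SAML
application or from Azure AD via saml2aws: the IAM role trust policy and
the Role attribute value the identity provider must emit. Added example,
not code from either post; the account ID and names are placeholders."""
import json

GOVCLOUD_PARTITION = "aws-us-gov"
# SAML audience and assertion-consumer endpoint for GovCloud (US); the
# commercial partition uses https://signin.aws.amazon.com/saml instead.
GOVCLOUD_SAML_AUDIENCE = "https://signin.amazonaws-us-gov.com/saml"
ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_NAME_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"

# Constructed placeholders (assumptions): substitute your own values.
ACCOUNT_ID = "123456789012"
PROVIDER_NAME = "IdentityCenterGovCloud"
ROLE_NAME = "GovCloudReadOnly"


def saml_provider_arn(account_id, provider_name):
    return f"arn:{GOVCLOUD_PARTITION}:iam::{account_id}:saml-provider/{provider_name}"


def role_arn(account_id, role_name):
    return f"arn:{GOVCLOUD_PARTITION}:iam::{account_id}:role/{role_name}"


def trust_policy(account_id, provider_name):
    """Trust policy for the GovCloud role: only this SAML provider, and only
    assertions addressed to the GovCloud sign-in audience."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": saml_provider_arn(account_id, provider_name)},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": GOVCLOUD_SAML_AUDIENCE}},
        }],
    }


def role_attribute_value(account_id, provider_name, role_name):
    """Value of the Role attribute: 'provider-arn,role-arn' for one role."""
    return f"{saml_provider_arn(account_id, provider_name)},{role_arn(account_id, role_name)}"


def check_role_attribute(value):
    """Flag the mistakes that make GovCloud federation fail at sign-in:
    a commercial-partition ARN, mismatched accounts, or swapped order."""
    parts = value.split(",")
    if len(parts) != 2:
        return ["Role attribute must be exactly 'provider-arn,role-arn'"]
    problems, accounts = [], set()
    for arn in parts:
        fields = arn.split(":")
        if len(fields) != 6 or fields[0] != "arn" or fields[2] != "iam":
            problems.append(f"{arn}: not an IAM ARN")
            continue
        if fields[1] != GOVCLOUD_PARTITION:
            problems.append(f"{arn}: partition must be {GOVCLOUD_PARTITION}")
        accounts.add(fields[4])
    if len(accounts) > 1:
        problems.append("provider and role must live in the same account")
    if not parts[0].split(":")[-1].startswith("saml-provider/"):
        problems.append("first ARN must be the SAML provider")
    if not parts[1].split(":")[-1].startswith("role/"):
        problems.append("second ARN must be the role")
    return problems


def attribute_statement(account_id, provider_name, role_name, session_name):
    """What the IdP's attribute mapping must produce, as a name -> value map."""
    return {
        ROLE_ATTRIBUTE: role_attribute_value(account_id, provider_name, role_name),
        SESSION_NAME_ATTRIBUTE: session_name,
    }


if __name__ == "__main__":
    print(json.dumps(trust_policy(ACCOUNT_ID, PROVIDER_NAME), indent=2))
    attrs = attribute_statement(ACCOUNT_ID, PROVIDER_NAME, ROLE_NAME, "jane.doe@example.org")
    print(json.dumps(attrs, indent=2))
    assert check_role_attribute(attrs[ROLE_ATTRIBUTE]) == []
```

The check exists because the failure mode is quiet: an assertion whose Role attribute carries arn:aws ARNs, or whose audience is the commercial sign-in URL, is well-formed SAML that the GovCloud endpoint simply refuses. For the Identity Center custom application, the same GovCloud audience value is what goes in the application's ACS URL and audience fields; for saml2aws, the login profile should also pin the region to a GovCloud region so the temporary credentials are used against the right partition.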