AWS News Blog
New – AWS GovCloud (US) Region – ITAR Compliant
|
A New Region
Our new AWS GovCloud (US) Region was designed to meet the unique regulatory requirements of the United States Government. The US federal government, state and local governments, and the contractors who support their mission now have access to secure, flexible, and cost-effective AWS services running in an environment that complies with US Government regulations for processing of sensitive workloads and storing sensitive data as described below.
The AWS GovCloud (US) Region supports the processing and storage of International Traffic in Arms (ITAR) controlled data and the hosting of ITAR controlled applications. As you may know, ITAR stipulates that all controlled data must be stored in an environment where logical and physical access is limited to US Persons (US citizens and permanent residents). This Region (and all of the AWS Regions) also provides FISMA Moderate controls. This means that we have completed the implementation of a series of controls and have also passed an independent security test and evaluation. Needless to say, it also supports existing security controls and certifications such as PCI DSS Level 1, ISO 27001, and SAS 70.
To demonstrate that GovCloud complies with ITAR, we have commissioned a third-party review of the ITAR compliance program for AWS GovCloud (US) and have received a favorable letter of attestation with respect to the stated ITAR objectives.
The Details
The new Region is located on the west coast of the US.
All EC2 instances launched within this Region must reside within a Virtual Private Cloud (VPC). In addition to Amazon EC2, the following services are now available:
- Amazon Simple Storage Service (S3)
- Amazon Elastic Block Store (EBS)
- Amazon CloudWatch
- AWS Identity and Access Management (IAM)
If you are currently using one of the other AWS Regions, I’d like you to take note of one really important aspect of this release:
Other than the restriction to US persons and the requirement that EC2 instances are launched within a VPC, we didn’t make any other changes to our usual operational systems or practices. In other words, the security profile of the existing Regions was already up to the task of protecting important processing and data. In effect, we simply put a gateway at the door — “Please show your passport or green card before entering.”
You can read more about our security processes, certifications, and accreditations in the AWS Security Center.
Full pricing information is available on the new GovCloud (US) page.
AWS in Action
I recently learned that more than 100 federal, state, and local government agencies are already using AWS in various ways. Here are some examples:
- The US Treasury’s Recovery Accountability and Transparency board hosts recovery.gov on AWS (case study). The newest version of treasury.gov is also hosted on AWS (press release).
- NASA’s Jet Propulsion Laboratory processes telemetry data and high resolution images on an array of EC2 cluster compute instances (case study).
The AWS Federal Government page contains a number of additional case studies and use cases.
Getting Access
Agencies with a need to access the AWS GovCloud must sign an AWS GovCloud (US) Enterprise Agreement. We will also make this Region accessible to government contractors, software integrators, and service providers with a demonstrated need for access. Those of you in this category will need to meet the requirements set out in ITAR Regulation 120.15.
Help Wanted
The AWS team enjoys taking on large, complex challenges to deliver new services, features, and regions to our customers. A typical release represents the combined efforts of a multitude of developers, testers, writers, program managers, and business leaders.
If you would like to work on large, complicated offerings such as AWS GovCloud, we’d love to talk to you. Here’s a small sampling of our current job postings (there’s a full list on the AWS careers page):
- Software Development Engineer
- IT Security Software Development Engineer
- Application Security Engineer
- Security Engineer
- Program Manager
- Amazon Web Services Public Sector Compliance Manager
— Jeff;
PS – As you might be able to guess from the name of this Region, we would be interested in talking to other sovereign nations about their cloud computing needs.