AWS Public Sector Blog
Category: AWS GovCloud (US)
Connectivity patterns between AWS GovCloud (US) and AWS commercial partition
AWS GovCloud (US) was architected to be isolated, both physically and logically, from other AWS partitions for compliance. For this reason, AWS services used to privately interconnect virtual private cloud (VPC) hosted resources within the same partition, such as AWS PrivateLink, Amazon Virtual Private Cloud (Amazon VPC) peering, or AWS Transit Gateway peering, cannot natively span from AWS GovCloud (US) to commercial Regions, by design. In this post, we will highlight four connectivity patterns customers can use to interconnect VPC hosted systems across partitions.
The U.S. Air Force improves aircraft readiness with AI and predictive maintenance solutions
The US Air Force (USAF) is responsible for more than 5,400 aircraft with an average age of 28 years. Read this blog post to learn how USAF employs predictive maintenance solutions, powered by Amazon Web Services (AWS), to predict when aircraft need to be grounded for repairs or updates, which helps maintain mission readiness while lowering maintenance costs.
Continued innovation in CJIS compliance in both AWS GovCloud (US) and AWS US Commercial Regions
Justice and public safety agencies and their solution providers are building highly available, resilient, and secure applications on AWS at a rapid pace. As these solutions are built, AWS’s innovative features and security controls can help customers comply with the latest Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy updates, and align with CJIS compliance not only in AWS GovCloud (US), but also in AWS (US) Commercial regions. Customers can confidently deploy CJIS workloads in either AWS (US) Region, while maintaining access to simple and powerful cloud native tools to manage the full lifecycle of sensitive data.
Migrate and modernize public sector applications using containers and serverless
Many public sector customers are interested in building secure, cost-effective, reliable, and highly performant applications. Technologies like containerization and serverless help customers migrate and modernize their applications. In this blog post, learn how public sector customers use offerings from AWS like AWS Lambda, Amazon Elastic Kubernetes Service (Amazon EKS), and Amazon Elastic Container Service (Amazon ECS) to build modern applications supporting diverse use cases, including those driven by machine learning (ML) and generative artificial intelligence (AI). If you want to learn more on this topic, please register to attend the webinar series, Build Modern Applications on AWS.
Implement a secure, serverless GraphQL architecture in AWS GovCloud (US) to optimize API flexibility and efficiency
GraphQL is a query language and server-side runtime system for application programming interfaces (APIs) that prioritizes giving clients exactly the information they request and no more. GraphQL can help public sector customers focus on their data and provide ways to explore the data in their APIs. Learn about a reference architecture using serverless technologies that you can use to build GraphQL-enabled solutions in the AWS GovCloud (US) Regions to unify data access in real time and simplify operations.
Navigating common use cases spanning AWS GovCloud (US) and standard AWS
There may be use cases where customers must orchestrate actions spanning AWS GovCloud (US) and standard AWS partitions. The common reasons customers may need to invoke AWS services in a standard account from an AWS GovCloud (US) account (or vice versa) include cross-domain applications, feature parity, and cases where the AWS service doesn’t exist in AWS GovCloud (US). In this blog post, learn how to navigate these scenarios.
IAM Identity Center for AWS environments spanning AWS GovCloud (US) and standard Regions
AWS IAM Identity Center (successor to AWS Single Sign-On) provides administrators with a simple way to manage identity and access (IAM) across numerous AWS accounts. IAM Identity Center is available in the AWS GovCloud (US) Regions, enabling customers to simply manage access to numerous AWS accounts in their AWS GovCloud (US) organizations. In this blog post, learn four different architecture patterns for providing an organization’s AWS users with access to both standard and AWS GovCloud (US) accounts using IAM Identity Center that can help minimize administrative overhead and simplify the user experience.
How to improve government customer experience by building a modern serverless web application in AWS GovCloud (US)
Modern applications built using microservices architectures improve customer experience by dramatically reducing the risk of failures in a web application. In this blog post, we present a sample AWS reference architecture of a microservices application built using an architecture framework based in AWS GovCloud (US), which can help support adherence to a Federal Risk and Authorization Management Program (FedRAMP) High Baseline.
How the US DOJ Tax Division built a remote telework application in six weeks with AWS
In mid-February of 2022, the US federal government began planning the return-to-office after the COVID-19 pandemic. The US Department of Justice (DOJ) Tax Division needed to quickly build and launch a telework authorization application by April 1, which would help their more than 500 attorneys, paralegals, and administrative personnel request a hybrid work arrangement—all while keeping sensitive information compliant and secure. To do this, the DOJ Tax Division worked with AWS to build an enterprise-level telework approval application in less than two months, before the Division’s re-entry in mid-April of 2022.
How to implement CNAP for federal and defense customers in AWS
In July 2021, the U.S. Department of Defense (DoD) released a cloud native access point (CNAP) reference design that follows zero trust architecture (ZTA) principles and provides a new approach to access mission owner (MO) applications. The DoD’s reference design discusses four core capabilities of CNAP: authenticated and authorized entities (C1), authorized ingress (C2), authorized egress (C3), and security monitoring and compliance enforcement (C4). In this blog post, we walk through how to establish the C2 component via a virtual internet access point (vIAP) with AWS. The proposed architectures can reduce operational cost and management overhead, while improving the accessibility, resiliency, and security of mission owner applications.