AWS has recently introduced Dedicated Local Zones, enabling customers to isolate sensitive workloads to meet their digital sovereignty requirements. This new option is designed for public sector and regulated industry customers who need dedicated infrastructure.
Managed by AWS but placed in a customer-specified location or data center, AWS Dedicated Local Zones are built exclusively for a single customer and help meet stringent security and compliance requirements. Matt Garman, senior vice president at AWS, explains:
Dedicated Local Zones can be operated by local AWS personnel and offer the same benefits of Local Zones, such as elasticity, scalability, and pay-as-you-go pricing, with added security and governance features. These features include data access monitoring and audit programs, controls to limit infrastructure access to customer-selected AWS accounts, and options to enforce security clearance or other criteria on local AWS operating personnel.
Currently available in 33 areas around the world with 19 new locations already announced, AWS Local Zone is a deployment option that places compute, storage, database, and other services closer to customers for data residency or reduced latency. Dedicated Local Zones offer the same advantages but they run on physically separate infrastructure that can be set up in multiple locations. Garman adds:
Customers can deploy multiple Dedicated Local Zones for resiliency and simplify their applications’ architecture by using consistent AWS infrastructure, APIs, and tools across different classifications of applications running in AWS Regions and Dedicated Local Zones.
The new option is part of the Digital Sovereignty Pledge that AWS announced last year. This pledge is founded on four pillars: control over the location of data, verifiable control over data access, the ability to encrypt everything, and cloud resilience.
Corey Quinn, chief cloud economist at The Duckbill Group, highlights in his newsletter how Dedicated Local Zones can reduce the pressure for new regions:
This is a subtle and remarkably genius play by AWS; it feels like it's an end run around the growing realization by governments that they can shake down cloud providers for region-sized investments by passing data residency laws.
The cloud provider highlights the difference between the new option and the existing AWS Outposts:
AWS Outposts is designed for workloads that need to remain on-premises due to latency requirements, where customers want those workloads to run seamlessly with their other workloads in AWS (...) AWS Dedicated Local Zones are designed to eliminate the operational overhead of managing on-premises infrastructure at scale.
Dedicated Local Zones currently support a subset of AWS services, mainly targeting virtual machines and Kubernetes clusters: EC2, EBS, ELB, ECS, EKS, and Direct Connect. Deployment costs are based on the location, data center, services, and features required, with no public prices available.
According to AWS, the Singapore Government's Smart Nation and Digital Government Group is the first government to run workloads on the cloud with the new deployment option.