Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Amazon Announces AWS GovCloud US-East Region

Amazon Announces AWS GovCloud US-East Region

This item in japanese

Amazon has announced their AWS GovCloud (US-East) region, an isolated AWS region, offering FedRAMP High and Moderate baseline security controls. This region is available now and targets federal, state, and local government agencies, IT contractors that serve them, and customers with regulated workloads. All operators of the region are citizens of the US working on US territory, complying with US government requirements.

AWS GovCloud (US-East) is the second GovCloud region targeting the US, following AWS GovCloud (US-West) which launched Amazon in 2011. Additionally, AWS GovCloud (US-East) provides many of the services offered by AWS, including ones such as Amazon Elastic Compute Cloud, Amazon Aurora, Amazon Simple Storage Service and more. Moreover, AWS GovCloud (US-East) provides three availability zones and offers cross-region features for several of their services, allowing to bridge services across the eastern and western regions. According to Amazon this will reduce latency or increase workload resiliency and availability.

The GovCloud regions from Amazon compete with other cloud environments specifically targeting governments, like Azure Government Cloud and IBM Cloud. Consequently, this has led to competing bids on several high valued contracts, like a ten million contract with the U.S. Defense Department, gaining the interest of several of the large cloud providers, as detailed by Naomi Nix, Ben Brody, and Kathleen Miller, reporters at Bloomberg.

The project, known as the Joint Enterprise Defense Infrastructure cloud, or JEDI, involves transitioning massive amounts of Defense Department data to a commercially operated cloud system. The initiative attracted widespread interest from technology companies struggling to catch up to Amazon in the burgeoning federal government market for cloud services.

Compliance with many of the US government requirements is ensured by AWS GovCloud, as well as several of the commercial standards.

  • Federal Risk and Authorization Management Program (FedRAMP) Moderate and High baselines
  • US International Traffic in Arms Regulations (ITAR)
  • Federal Information Security Management Act (FISMA) Low, Moderate, and High
  • Department of Justice's Criminal Justice Information Services (CJIS) Security Policy
  • Department of Defense (DoD) Impact Levels 2, 4, and 5
  • Healthcare Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry (PCI) Security
  • System and Organization Controls (SOC) 1, 2, and 3
  • ISO/IEC27001, ISO/IEC 27017, ISO/IEC 27018, and ISO/IEC 9001 compliance, primarily for healthcare, life sciences, medical devices, automotive, and aerospace customers

These certifications ensure that GovCloud complies with even the most demanding information security requirements which the governments set. Furthermore, to safeguard compliance, Amazon provides several programs and auditing options which should allow specific control to their users.

Only US entities and root account holders are allowed access to GovCloud, who must confirm that they are citizens or permanent residents. As a result, getting started with the service requires more work than for AWS' standard accounts, which includes signing an AWS GovCloud (US-East) Region Addendum and a vetting process ensuring the identity and status of the requester.

Rate this Article