Things you’ll learn
- What is AWS GovCloud
- AWS GovCloud security overview
- 10 Principal advantages and benefits of moving to the cloud
- AWS GovCloud Services vs Amazon Web Services
- Can I be assured my high-compliance requirements will be met?
- Pros and Cons of AWS GovCloud versus Azure Government / AWS
- Who are the principal users of AWS GovCloud?
- Pricing: AWS vs. AWS GovCloud
- Steps to implement AWS GovCloud
What is AWS GovCloud (US)?
This AWS GovCloud user guide is here to help you. Amazon Web Services’ GovCloud offers similar services and the same high level of security as AWS, and meets specific regulatory and compliance requirements of US government agencies – such as FedRAMP High, ITAR, DFARS, and HIPAA – by running on a dedicated U.S. platform of hardware, network, and software that is maintained by U.S. citizens only and gives customers the ability to access the regions through FIPS 140-2 service endpoints.
GovCloud is available to federal government contractors and organizations in regulated industries, and is used by educational institutions.
For companies, government entities, and other organizations that do not have the manpower, capital, or other resources to host applications and digital workloads on their own, the AWS GovCloud offering provides the necessary compliant hosting infrastructure in the cloud. Quickly satisfy compliance requirements, such as CMMC Levels 1 through 3, without the overhead and risk of managing a data center on your own [Read our perspective on the state of CMMC here]. GovCloud offers all of this capability along with the traditional benefits of cloud scale and speed. Get started with Oxalis AWS GovCloud services.
The services available with AWS GovCloud do differ from the services available with the public cloud offering of AWS, though AWS strives constantly to narrow the gap. For standard workload requirements, application hosting, or storage needs, services residing on Amazon’s sovereign cloud are more than sufficient, compliant, and safe to use; if there are specific services you need in GovCloud, AWS provides a guide to the service differences. Continue reading our AWS GovCloud User Guide to decide if this platform is right for you.
Can I Trust the AWS GovCloud Services?
Well, that’s a good question. The answer is “Yes”. You can trust the AWS GovCloud services.
The Department of Homeland Security, U.S. Army, and countless government and intelligence agencies are all landing mission critical workloads on this infrastructure.
However, please note, AWS GovCloud is just a platform. Without a trusted partner or in-house knowledge of this advanced technology, you can quickly get yourself into trouble. Data exposures, compromised services and systems, or worse have all happened when organizations do not develop, deploy, or maintain well architected and operated cloud solutions.
Advantages of Moving to the Cloud
If you are thinking about moving to the cloud, chances are you have considered these main advantages. For those who are still evaluating, here are the primary advantages of moving your workloads to the cloud in a generic sense:
- Elasticity – Using auto-scaling and load balancing, only use resources according to your demand.
- Cost Savings – Only pay for the computing power, storage, and resources that you use! The AWS cloud also has no long-term contracts or up-front commitments.
- Flexibility – You choose the system, programming language, and services that are right for your business.
AWS GovCloud (US) offers all of these advantages, with the addition of high security and compliance.
Thinking about migrating to the Cloud? Check out our post detailing out 5 Considerations for your AWS Cloud Migration Strategy.
Amazon GovCloud, Summarized:
- GovCloud is a compliant hosting infrastructure in an isolated section of Amazon’s AWS cloud.
- GovCloud is equipped to handle all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data.
- GovCloud restricts physical and logical administrative access to US citizens, and can run workloads that contain all categories of CUI data.
- AWS only allows vetted US citizens with access controls to administer the GovCloud Region, and the AWS GovCloud sovereign cloud is completely isolated from Amazon.com.
- Even though AWS does manage access controls for GovCloud, each business is responsible for controlling their own content.
Do you have questions about moving to the Cloud? Do you think AWS GovCloud is the right move for your business, or do you want to learn more? Oxalis provides AWS GovCloud services that can help you scale your efforts.
What are the benefits of AWS GovCloud?
There are many benefits of Amazon’s AWS as a cloud platform. For people unfamiliar with what AWS offers, here is a quick run down of the most common AWS Cloud services and why they matter:
Amazon Elastic Cloud Compute (EC2) | AWS Elastic Cloud Compute (EC2), one of the basic building blocks of any AWS cloud solution, provides dynamic and scalable compute capacity. EC2 is available in pay-as-you-go plans or discounted long-term contracts. Business Example: EC2 can be used for dedicated hosting of applications, software and websites on the cloud. Dynamic and scalable compute capabilities make EC2 a key solution for a growing application or application |
Amazon Simple Storage Service (S3) | The second key building block of an AWS cloud solution, S3 provides secure data storage on the cloud. S3 storage is accessible from any system connected to the internet and correctly authenticated into your AWS configuration. Business Example: Permission-based file storage, accessible from anywhere by individuals or applications with the appropriate credentials. |
Amazon Aurora and Amazon DynamoDB | Amazon Aurora and DynamoDB are the final core building blocks of the AWS cloud solution, offering relational and nonrelational database capabilities, respectively. Amazon Aurora is a relational database built for your cloud services and is compatible with both MySQL and PostgreSQL. Amazon DynamoDB is the NoSQL parallel to Amazon Aurora. Business Example: Cost-effective open source database solution for your cloud applications and environments. |
AWS Lambda | Similar to EC2, AWS Lambda offers compute capacity in the cloud, but executes serverlessly. Lambda comes at a small premium, but lets you run code without managing EC2s or incurring the ongoing costs of a dedicated instance. AWS Lambda will handle all administrative tasks, including server and system maintenance, capacity provisioning and scaling, and code monitoring and logging. Business Example: Background tasks are best suited for AWS Lambda, where persistent server environments are not necessary and workloads are small, sporadic, or hard to predict. |
Amazon ELB | Distribute incoming application traffic using an Amazon ELB (Elastic Load Balancing). ELB can function across availability zones and services including EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances. |
Amazon VPC | Amazon’s virtual private network solution, isolated within the AWS GovCloud. Defined per your requirements and specifications, including private IP address range, subnets, route tables, and network gateways. Business Example: Deploy a VPC and ELB to logically isolate production back-end services from public entry point. |
Amazon Workspaces | Secure, persistent, and managed cloud desktop virtualization services. Accessible from supported devices. Business Example: Virtual Desktop Infrastructure is a standard security practice for organizations desiring to centralize their workforce within compliant and secure desktop infrastructure. Amazon Workspaces is the AWS GovCloud-available solution to meet this need |
Simple Email Service (SES) | Recently added to the Amazon GovCloud (US) suite, SES is an email service for your AWS GovCloud (US) services. |
Redshift | Redshift is a data warehouse service in the cloud. Capable of managing petabytes of data, Redshift is the AWS solution for acquiring new insights for your business. |
CloudWatch | CloudWatch is AWS’s resource monitoring service that can be used to collect and track metrics relevant for your applications and resources. Business Example: Set up alarms to alert your administrators during an unauthorized access attempt to your AWS Console. Tie these alarms to a Slack channel for quick and distributed alerting. An overview of a reference implementation can be found below: |
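The alarm logic behind the CloudWatch business example above, as an added sketch (not Oxalis's reference implementation and not AWS code): it counts failed `ConsoleLogin` events per source IP in a sliding window over constructed CloudTrail-style records. The threshold, window, sample records, and function names are assumptions, and the Slack notification step is left out.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def sample_record(time, ip, user, outcome):
    """Build one constructed ConsoleLogin record (sample data, not real logs)."""
    return {
        "eventTime": time,
        "eventName": "ConsoleLogin",
        "awsRegion": "us-gov-west-1",
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": outcome},
    }


# Constructed sample; IPs come from the documentation ranges.
SAMPLE_EVENTS = [
    sample_record("2021-08-02T14:00:05Z", "203.0.113.10", "alice", "Failure"),
    sample_record("2021-08-02T14:01:10Z", "203.0.113.10", "alice", "Failure"),
    # CloudTrail hides the name when the sign-in used a nonexistent user.
    sample_record("2021-08-02T14:02:30Z", "203.0.113.10",
                  "HIDDEN_DUE_TO_SECURITY_REASONS", "Failure"),
    sample_record("2021-08-02T14:03:00Z", "203.0.113.10", "bob", "Failure"),
    sample_record("2021-08-02T14:20:00Z", "203.0.113.10", "alice", "Failure"),
    sample_record("2021-08-02T09:15:00Z", "198.51.100.7", "carol", "Failure"),
    sample_record("2021-08-02T09:15:40Z", "198.51.100.7", "carol", "Success"),
    {"eventTime": "2021-08-02T14:01:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.10", "responseElements": None},
]


def failed_console_logins(records):
    """Yield (time, source_ip, user) for every failed console sign-in."""
    for rec in records:
        if rec.get("eventName") != "ConsoleLogin":
            continue
        if (rec.get("responseElements") or {}).get("ConsoleLogin") != "Failure":
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        user = (rec.get("userIdentity") or {}).get("userName", "unknown")
        yield when, rec.get("sourceIPAddress", "unknown"), user


def alarms(records, threshold=3, window=timedelta(minutes=5)):
    """Return {source_ip: {"count", "users"}} for IPs that reach `threshold`
    failures inside any sliding `window`; keeps the densest burst per IP."""
    by_ip = defaultdict(list)
    for when, ip, user in failed_console_logins(records):
        by_ip[ip].append((when, user))
    findings = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > findings.get(ip, {}).get("count", 0):
                users = sorted({u for _, u in hits[start:end + 1]})
                findings[ip] = {"count": count, "users": users}
    return findings


if __name__ == "__main__":
    for ip, info in alarms(SAMPLE_EVENTS).items():
        print(f"ALARM {ip}: {info['count']} failed console logins, users={info['users']}")
```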
AWS works constantly to improve their service offerings. Examples of recently announced GovCloud improvements include:
- Adding Amazon SageMaker Studio to AWS GovCloud (US) Regions: SageMaker Studio is an integrated development environment (IDE) that provides a single web-based visual interface where you can quickly upload data, use notebooks on a wide range of instance types, train and tune models, run experiments, and collaborate seamlessly within your organization.
- Adding AWS CodePipeline to AWS GovCloud (US-East): CodePipeline automates the build, test, and deploy phases of your release process when there is a code change, based on the release model you define.
- Adding AWS Directory Service support for smart card authentication in AWS GovCloud (US-East) Region: Use Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards to authenticate users into Amazon WorkSpaces through your self-managed Active Directory (AD) and AWS Directory Service AD Connector.
A full list of AWS GovCloud services can be found on the product details page: AWS GovCloud (US) Product Details – Amazon Web Services.
How do AWS GovCloud (US)’s Services Differ from Standard AWS’s?
AWS GovCloud vs AWS. Compliant vs. General Purpose. Premium vs Bargain. How do these two AWS tiers stack up against each other and is GovCloud worth it?
The good news is that both products provide agencies and businesses with a complete infrastructure web services platform in the cloud. This includes all of the above-mentioned compute, analytics, networking, monitoring, and storage services. If you need compliance, though, standard AWS can’t help you, since its data may be stored outside the continental U.S. and managed by non-US citizens, and AWS GovCloud (US) endpoints are only accessible to AWS GovCloud (US) customers. Similarly, FIPS 140-2 compliant endpoints are also available exclusively for AWS GovCloud (US) Regions.
It’s important to note that while most AWS services are available in GovCloud, there are often limitations, missing features, and restrictions to GovCloud services – due to the challenges of meeting compliance requirements. AWS provides a complete list of these differences, so do your homework. Here are a few examples:
What Regulatory and Compliance Requirements can be Satisfied by AWS GovCloud (US)?
AWS GovCloud (US) is designed to meet the most stringent regulatory and compliance requirements encountered by U.S. Government agencies and contractors. Below is a list of some of these frameworks supported by AWS GovCloud (US):
AWS provides a full list of compliance certifications, attestations, regulations, alignments, and frameworks that are satisfied by GovCloud. It is important to note here that AWS GovCloud provides the infrastructure and design to enable customers to meet these regulatory requirements, but ultimately the implementation of cloud services within AWS GovCloud requires careful and intentional management to ensure security and compliance.
What are the Pros and Cons of AWS GovCloud versus Azure Government or regular AWS?
An entire article could be dedicated to this comparison, but for the sake of this blog we will keep it short. Amazon AWS and Microsoft Azure make up the largest public cloud services. Each company has made significant investment in security for their standard tier cloud infrastructure and extended that into full Government compliance with the AWS GovCloud and Azure Government offerings.
A few considerations to take into account:
Need help deciding? The choice can be difficult, but Oxalis is experienced in both Azure Government and AWS GovCloud. Reach out to our experts for assistance with evaluating the cloud migration dilemma. Get help with GovCloud services.
Who Can Use AWS GovCloud (US)? What Requirements Do I Have to Meet In Order to Use AWS GovCloud (US)?
All U.S. persons can request access to AWS GovCloud (US) resources, but access is subject to approval. Access is restricted to customers who:
Government entities are required to sign a customer agreement and an agreement specific to AWS GovCloud (US) in order to access AWS GovCloud (US) resources.
Interested in applying for access to AWS GovCloud? Oxalis has experience applying, deploying, and managing multiple AWS GovCloud instances internally as well as for our customers. Reach out for a fit consultation to determine if AWS GovCloud (US) is the right solution for your needs. Our U.S.-based team of experts can help you navigate the application process.
Once you’ve determined that AWS GovCloud (US) is the right solution for you, qualified customers can request access from the AWS Management Console of a standard AWS account, by contacting an AWS business representative, or by reaching out to Oxalis for assistance.
What does AWS GovCloud Pricing Look Like? What Does Amazon Web Service Hosting Cost?
The AWS offerings within standard and GovCloud are vast and flexible. For the purposes of this quick comparison, we will focus on relative costs of the major compute and storage offerings of AWS GovCloud vs AWS. AWS is the standard for cloud-based offerings and can be taken as a benchmark when calculating the impact of moving to a compliant cloud like AWS GovCloud.
Note: Cloud compute and storage prices are constantly in flux so please consult the AWS calculator for the most up-to-date pricing: https://calculator.aws. The numbers included below are up-to-date as of August 2021.
Before diving into the numbers, let’s have a look at the AWS compute tiers to better understand what options are available and begin to decipher Amazon’s naming conventions. EC2 offers the most customization and the options can often be overwhelming when reviewed for the first time. Read on to learn the framework. Contact us to learn more about AWS GovCloud services.
An Intro to EC2 Tiers
Amazon groups EC2 compute options into tiers, which offer varying optimization balances to maximize your EC2 purchase. These tiers are differentiated by an alphanumeric ID representing the ratio of Memory, vCPU, Network Performance, and Storage provided to each instance. Each tier is cost-optimized for that particular ratio. You can use the AWS calculator to determine the appropriate tier based on a particular memory or vCPU requirement, or you can select a specific tier via the Advanced Estimate option.
The EC2 Families
To better understand the AWS offerings, we can group the tiers into five families:
AWS Pricing Compared to AWS GovCloud (US)
You likely have a number of questions when it comes to AWS GovCloud pricing:
- How much more expensive is AWS GovCloud (US)?
- How much does a standard selection of AWS GovCloud (US) services cost when compared to AWS Standard?
- How much does AWS GovCloud (US) cost per hour? Per month? How does that pricing change when reserved in an annual subscription?
Below we provide a few examples of the pricing breakdown for standard AWS options, along with the percent difference between GovCloud and standard AWS cloud. Get the conversation started about GovCloud services.
Services Analyzed:
Pricing Assumptions:
- Using AWS GovCloud West and US West (Oregon) regions for GovCloud and AWS Standard estimates, respectively.
- 1 year cost estimate is for 100% upfront payment
1 – S3 Standard Storage Costs per Month
Storage Size | AWS (USD) | AWS GovCloud (US) (USD) | % Difference |
1 TB | 23.55 | 39.94 | 70% Increase |
100 TB | 2,304.00 | 3,891.20 | 69% Increase |
1000 TB | 22,067.20 | 37,222.40 | 69% Increase |
2 – EC2 Hourly Compute Costs per Hour (On-Demand and 1 Year Reserved)
Example Specifications
Family | Tier | Memory | vCPUs | Network Performance | Storage |
General Purpose | t3.large | 8 GiB | 2 | Up to 5 Gigabit | EBS only* |
Compute Optimized | c5.large | 4 GiB | 2 | Up to 10 Gigabit | EBS only* |
Memory Optimized | r6g.large | 16 GiB | 2 | Up to 10 Gigabit | EBS only* |
Accelerated Computing | inf1.xlarge | 8 GiB | 4 | Up to 25 Gigabit | EBS only* |
Storage Optimized | i3.large | 15.25 GiB | 2 | Up to 10 Gigabit | 1 x 475 NVMe SSD |
*EBS = Elastic Block Store: either SSD or HDD-based high-performance block storage
Cost Comparison
Family | Selected Tier | On-Demand Hourly Cost AWS (USD/hr) | 1 Year Reservation AWS (USD/hr) | On-Demand Hourly Cost AWS GovCloud (US) (USD/hr) | 1 Year Reservation AWS GovCloud (US) (USD/hr) | % Difference (1 year reserved) |
General Purpose | t3.large | 0.0832 | 0.0487 | 0.0976 | 0.0574 | 18% Increase |
Compute Optimized | c5.large | 0.085 | 0.05 | 0.102 | 0.06 | 20% Increase |
Memory Optimized | r6g.large | 0.1008 | 0.0593 | 0.1208 | 0.071 | 20% Increase |
Accelerated Computing | inf1.xlarge | 0.228 | 0.134 | 0.228 | 0.169 | 26% Increase |
Storage Optimized | i3.large | 0.156 | 0.099 | 0.188 | 0.12 | 21% Increase |
3 – Lambda – Serverless Compute Costs Per Month
AWS Lambda starts to become more cost-effective than standard EC2 when running small workloads at most one quarter of the time (when compared to an always-on compute load). Interestingly enough, there does not appear to be a premium on running Lambda functions on AWS GovCloud (US) at this time.
Lambda Memory Size (GB) | Execution-seconds* | AWS (USD) | AWS GovCloud (US) (USD) | % Difference |
2 | 1296000 | 36.59 | 36.59 | 0 % |
2 | 2592000 | 80.05 | 80.05 | 0 % |
4 | 1296000 | 79.79 | 79.79 | 0 % |
4 | 2592000 | 166.45 | 166.45 | 0 % |
*Assuming each execution runs for either 0.5 or 1 second, distributed over 1 month.
4 – Application ELB – Load Balancing Fixed Costs Per Month*
Number of Load Balancers | Type of Load Balancer | AWS (USD) | AWS GovCloud (US) (USD) | % Difference |
1 | Application | 16.43 | 23.36 | 42% Increase |
2 | Application | 32.85 | 46.72 | 42% Increase |
*Estimate does not include LCU usage charges
5 – CloudWatch – Logging Costs Per Month
Number of Metrics | Dashboards | Composite Alarms | AWS (USD) | AWS GovCloud (US) (USD) | % Difference |
20 | 5 | 9 | 16.50 | 17.85 | 8% Increase |
40 | 10 | 20 | 43.00 | 46.00 | 7% Increase |
6 – VPC and NAT Gateway Costs Per Month
Data Processed per NAT Gateway (GB) | AWS (USD) | AWS GovCloud (US) (USD) | % Difference |
10 | 33.30 | 39.96 | 20% Increase |
100 | 37.35 | 44.82 | 20% Increase |
1000 | 77.85 | 93.42 | 20% Increase |
Pricing Analysis Summary
Increased compliance and security come at an increased cost: approximately 25% greater.
As expected, our calculations show that AWS GovCloud (US) is more expensive than standard AWS, with an increase in cost of approximately 10% to 70%, depending on the service. Some key takeaways:
Calculating your migration costs and need help? Reach out to our team of experts to evaluate your cloud migration landscape and anticipated costs. We can help you set up the cost calculator and find the solution(s) that meet your specific needs. Ready to learn more about GovCloud services?
How do you Implement AWS GovCloud?
So you’ve decided AWS GovCloud is the right solution for your needs. How do you go about purchasing a license and getting started with configuration? The first step is to sign up for the service, which can be done manually or through a solution provider such as Oxalis.
Interested in contacting a GovCloud services provider? Learn more about us.
Sign Up
- Option 1 – Create an AWS GovCloud (US) account through a Solution Provider.
- Recommended for organizations who don’t yet know what AWS services they will need, or those who are interested in optimizing their AWS GovCloud procurement and resource allocation.
- Option 2 – Create an AWS GovCloud (US) account from a standalone AWS account.
- To do this, create or log into your AWS standard account and navigate to the “My Account” page at the top of the Console.
- At the bottom of the “My Account” page, there will be a GovCloud (US) section. If you do not see this section, ensure you are logged in with the root credentials; otherwise, create a support ticket. Click “Sign up for AWS GovCloud (US).”
- This will navigate you to the AWS GovCloud (US) Sign Up Portal, where you will be asked to accept the AWS GovCloud (US) legal agreement and provide additional information so that AWS can verify your eligibility for an AWS GovCloud (US) account.
Account Linking
Since AWS GovCloud (US) accounts are associated with standard AWS accounts for billing, service, and support purposes, customers are required to have an existing standard account before signing up for an AWS GovCloud (US) account. It is recommended to create a new AWS account that will be used solely for AWS GovCloud sign up and billing, to ensure your standard AWS workloads will not be affected when transferring or closing GovCloud accounts.
Onboarding
There are a few steps required to onboard your AWS GovCloud account, which are outlined here:
- Sign in to your account.
- Create an alias for your account.
- Create and download access keys.
- Verify AWS CloudTrail is Enabled.
Configuration
At this step, we recommend configuring a few console items to secure your account before allocating any AWS services or migrating data to the cloud:
- Configure the AWS CLI
- Create an IAM User to Access the Console
- Configure Audit Logging
- Enable Multi-Factor Authentication (MFA) for IAM users
- Sign Up for AWS GovCloud (US) Customer Support
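One way to check the onboarding and configuration items above after the fact, as an added example (not Oxalis or AWS code): it audits saved output of `aws cloudtrail describe-trails`, `aws cloudtrail get-trail-status`, and the IAM credential report for trails that are not logging, console users without MFA, and ARNs outside the `aws-us-gov` partition (a sign the data came from the linked standard account). The sample data, account ID, function names, and the log file validation check are assumptions.

```python
import csv
import io
import json

GOV_PARTITION_PREFIX = "arn:aws-us-gov:"

# Constructed sample inputs: account id 111122223333 and all names are made up.
# Shape of `aws cloudtrail describe-trails` output:
DESCRIBE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "org-audit", "HomeRegion": "us-gov-west-1",
   "IsMultiRegionTrail": true, "LogFileValidationEnabled": false,
   "TrailARN": "arn:aws-us-gov:cloudtrail:us-gov-west-1:111122223333:trail/org-audit"}
]}
""")
# `aws cloudtrail get-trail-status` output, keyed by trail name for convenience.
TRAIL_STATUS = {"org-audit": {"IsLogging": True}}
# IAM credential report, trimmed to the columns this check reads.
CREDENTIAL_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active
admin,arn:aws-us-gov:iam::111122223333:user/admin,true,true,false
deploy,arn:aws-us-gov:iam::111122223333:user/deploy,false,false,true
jsmith,arn:aws-us-gov:iam::111122223333:user/jsmith,true,false,true
"""


def audit_trails(describe_trails, trail_status):
    """Check that CloudTrail is enabled and that logging trails are GovCloud trails."""
    findings = []
    trails = describe_trails.get("trailList", [])
    active = [t for t in trails if trail_status.get(t["Name"], {}).get("IsLogging")]
    if not active:
        findings.append("cloudtrail: no trail is currently logging")
    for trail in active:
        if not trail.get("TrailARN", "").startswith(GOV_PARTITION_PREFIX):
            findings.append(f"cloudtrail: {trail['Name']} is outside the aws-us-gov partition")
        if not trail.get("LogFileValidationEnabled"):
            findings.append(f"cloudtrail: {trail['Name']} has log file validation disabled")
    return findings


def audit_users(report_csv):
    """Flag console users without MFA and rows from a non-GovCloud account."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if not row["arn"].startswith(GOV_PARTITION_PREFIX):
            findings.append(f"iam: {row['user']} ARN is outside the aws-us-gov partition")
        # Users without a console password (service accounts) need no console MFA.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(f"iam: {row['user']} has a console password but no MFA")
    return findings


def audit(describe_trails, trail_status, report_csv):
    """Run both checks and return the combined list of findings."""
    return audit_trails(describe_trails, trail_status) + audit_users(report_csv)


if __name__ == "__main__":
    for finding in audit(DESCRIBE_TRAILS, TRAIL_STATUS, CREDENTIAL_REPORT):
        print(finding)
```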
Allocation
Last but not least, you will need to procure the AWS services that your organization needs for the cloud. Below is an example of what a final implementation may look like for a moderately-sized application on AWS GovCloud (US):
The EC2 instances allocated for this application are deployed on T3 and T2 instance types for the general purpose, long-running, burstable workloads of the application:
What does success look like?
HR and compliance company Mineral needed to get their primary revenue generating application to the cloud fast. The business was about to scale dramatically and something needed to be done to set the stage for the uptime, expansion, and partnerships coming quickly. Oxalis was engaged to assess, architect, and migrate Mineral’s monolith code base to AWS services and resilient cloud architecture so that the business could proceed with revenue generating partnerships.
Previous efforts had failed and something needed to be done.
Find out more by reading our AWS Migration case study with Mineral
How Oxalis Can Help with AWS GovCloud Services
Oxalis offers various services for AWS GovCloud including:
- Cloud Architecture Design
- Cloud Infrastructure Implementation
- Serverless Architecture
- Cloud Migration
- Cost Optimization
Do you think AWS GovCloud is the right move for your business, or do you want to learn more? Enter your information below to contact one of our experts to start the conversation today, or learn more about our Amazon GovCloud services.
Need more Info? Check out our AWS GovCloud Services User Guide
Here is what our AWS GovCloud user guide includes:
- Overview of AWS GovCloud Services with related ITAR boundaries.
- Instructions on signing up for and setting up AWS GovCloud.
- Differences between standard AWS regions vs. GovCloud.
- A brief usage and troubleshooting guide.
Contact us to get more information about AWS GovCloud Services
Contact us today for a free consultation about AWS GovCloud Services, to hear how Oxalis can help.