AWS Public Sector Blog
Tag: Amazon VPC
Simplify firewall deployments using centralized inspection architecture with Gateway Load Balancer
As government organizations transition to Amazon Web Services (AWS), they often seek to maintain operational continuity by using their existing on-premises firewall solutions. Gateway Load Balancer (GWLB) enables seamless integration of these firewall appliances into the AWS architecture, ensuring consistent security policies and minimizing disruptions. This post explores best practices for implementing GWLB to facilitate centralized traffic inspection for both east-west and north-south traffic flows.
Mitigating inadvertent IPv6 prefix advertisement with AWS automation
As federal agencies migrate to the Trusted Internet Connections (TIC) 3.0 framework, they will use Amazon Web Services (AWS) to exit to the internet, bypassing the TIC network. This transition requires agencies to plan and coordinate migration activities to verify seamless IPv6 connectivity. Agencies need to coordinate advertising their IPv6 prefixes with AWS, using mechanisms like Bring your own IP addresses (BYOIP). The migration process could involve changes in routing policies, firewall rules, and security controls to accommodate the IPv6 prefix changes. Read this post to learn more.
University of British Columbia Cloud Innovation Centre: Governing an innovation hub using AWS management services
In January 2020, Amazon Web Services (AWS) inaugurated a Cloud Innovation Centre (CIC) at the University of British Columbia (UBC). The CIC uses emerging technologies to solve real-world problems and has produced more than 50 prototypes in sectors like healthcare, education, and research. The Centre’s work has involved 300-plus AWS accounts across various groups, including external collaborators, UBC staff, students, and researchers. This post discusses the management of AWS in higher education institutions, emphasizing governance to securely foster innovation without compromising security and detailing policies and responsibilities for managing AWS accounts across projects and research.
Streamlining digital transformation in German healthcare with AWS
Healthcare organizations worldwide are leveraging Amazon Web Services (AWS) and partner solutions to modernize, transform, and innovate their businesses. Ensuring the availability and security of critical applications is paramount. For example, two renowned German medical facilities, Fachklinikum Mainschleife and Max Grundig Klinik, needed to modernize their IT infrastructure to comply with stringent regulatory requirements outlined in the country’s Law for Accelerating the Digitalization of Healthcare (DigiG). Reliable and compliant service offerings from AWS enabled the medical facilities to provide reliable access to essential systems.
Web filtering for education using AWS Network Firewall
Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.
Building compliant healthcare solutions using Landing Zone Accelerator
In this post, we explore the complexities of data privacy and controls on Amazon Web Services (AWS), examine how creating a landing zone within which to contain such data is important, and highlight the differences between creating a landing zone from scratch compared with using the AWS Landing Zone Accelerator (LZA) for Healthcare. To aid explanation, we use a simple healthcare workload as an example. We also explain how LZA for Healthcare codifies HIPAA controls and AWS Security Best Practices to accelerate the creation of an environment to run protective health information workloads in AWS.
How to build an Aadhaar Data Vault on AWS
An Aadhaar number is a 12-digit unique identification number issued by the Unique Identification Authority of India (UIDAI) to every individual in India. Considering the sensitivity of the Aadhaar number and the potential implication of having one’s Aadhaar number compromised, UIDAI mandated the need for all Aadhaar and Aadhaar-related data to be encrypted and stored separately in a secure, access-controlled data repository known as an Aadhaar Data Vault. This blog post explains how government and private entities that collect, process, and store Aadhaar data for various use cases can use AWS CloudHSM from AWS to create an Aadhaar data storage solution that can meet guidelines provided by UIDAI.
What US federal customers need to know about memorandum M-21-31
The US Office of Management and Budget published M-21-31, a memorandum for federal government agencies to define event logging requirements related to cybersecurity incidents. These guidelines aim to support the detection, investigation, and remediation of cyber incidents on federal information systems. The memorandum defines various event logging (EL) tiers and the log data that must be captured for various log categories. Learn the services from AWS that have been called out explicitly in the memorandum for logging and retention requirements at the EL1 level, and the resources you can use to set up these services to capture the required log data.
Building a resilient and scalable clinical genomics analysis pipeline with AWS
At the Baylor College of Medicine Human Genome Sequencing Center (BCM HGSC), we aim to advance precision medicine and research in genomics. In that effort, we joined the ambitious All of Us Research Program funded by the National Institutes of Health (NIH) to help deliver genomic data to over one million individuals across the United States. In early 2019, we estimated that processing whole genome samples for this megaproject would imply a scale-up of over four times the production workload of our center. We used AWS to support our new pipeline demands, which saved time, reduced costs, and created new opportunities for future development.
AWS resources to address Apache Log4j vulnerabilities
This post aims to provide a summary of all the currently disclosed Apache Log4j issues as well as important resources that Amazon Web Services (AWS) has released to help our customers and partners limit any risks posed by these issues.