4. High Availability
[Diagram: www.myAgency.gov, Elastic Load Balancer, three API instances; two sets of site labels: Flood Plain A / Network Provider B / Power Utility C and Flood Plain X / Network Provider Y / Power Utility Z]
5. Cloud Platform Philosophy
[Diagram: two stacks labelled Infrastructure As A Service and Platform As A Service. Layers shown: Virtualization; Root OS; Application Infrastructure; Generic Application in one stack and Specific Application in the other; Storage As A Service, Database As A Service, Queuing As A Service. Each stack carries a "Customer Controlled" marker.]
11. Amazon EC2 Instance Isolation
[Diagram: Physical Interfaces; Firewall; Customer 1 ... Customer n Security Groups; Virtual Interfaces; Hypervisor; Customer 1, Customer 2, ... Customer n]
12. Multi-tier Security Architecture
[Diagram: Web Tier, Application Tier, Database Tier, EBS Volume; Amazon EC2 Security Group Firewall]
Ports 80 and 443 only open to the Internet.
Engineering staff have ssh access to the App Tier, which acts as Bastion.
Authorized 3rd parties can be granted ssh access to select AWS resources, such as the Database Tier.
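One way to check security-group ingress against the slide 12 layout, as an added example that is not from the original deck. Rules use the IpPermissions shape returned by EC2 DescribeSecurityGroups; the tier names, source CIDRs (documentation ranges) and sample rules are constructed assumptions, and only CIDR-sourced rules are checked (group-to-group references between tiers are not on the slide and are ignored).

```python
"""Audit CIDR-sourced ingress rules against the slide-12 tier policy (added example)."""
import ipaddress

# Assumed policy: tier -> {tcp port: permitted source networks}.
POLICY = {
    "web": {80: ["0.0.0.0/0"], 443: ["0.0.0.0/0"]},  # only tier open to the Internet
    "app": {22: ["198.51.100.0/24"]},                 # engineering staff (assumed range)
    "db":  {22: ["203.0.113.16/28"]},                 # authorized 3rd party (assumed range)
}

def audit(tier, permissions):
    """Return one finding per CIDR ingress rule the tier policy does not allow."""
    allowed = {port: [ipaddress.ip_network(c) for c in cidrs]
               for port, cidrs in POLICY[tier].items()}
    findings = []
    for perm in permissions:
        # Protocol "-1" (all traffic) carries no port fields: treat as every port.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            # Allowed only if the rule is a single tcp port whose policy entry
            # fully contains the rule's source network.
            ok = (perm["IpProtocol"] == "tcp" and lo == hi
                  and any(src.subnet_of(net) for net in allowed.get(lo, [])))
            if not ok:
                findings.append(f"{tier}: {rng['CidrIp']} -> "
                                f"{perm['IpProtocol']} {lo}-{hi} not allowed")
    return findings

def rule(proto, lo, hi, cidr):
    """Build one constructed IpPermissions entry."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample: web and app match the slide, db has two over-broad rules.
SAMPLE = {
    "web": [rule("tcp", 80, 80, "0.0.0.0/0"), rule("tcp", 443, 443, "0.0.0.0/0")],
    "app": [rule("tcp", 22, 22, "198.51.100.7/32")],
    "db":  [rule("tcp", 22, 22, "0.0.0.0/0"),
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.17/32"}]}],
}

def audit_all(groups):
    """Audit every tier and return the combined findings."""
    return [f for tier, perms in groups.items() for f in audit(tier, perms)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```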
13. [Diagram labels: Customer’s Network; Amazon Web Services Cloud; Secure VPN Connection over the Internet; Subnets; Customer’s isolated AWS resources; Router; VPN Gateway; Amazon Virtual Private Cloud]