AWS has launched the European Sovereign Cloud, a new, independent cloud infrastructure designed specifically for the European Union, with a €7.8 billion investment. This cloud aims to provide comprehensive digital sovereignty, ensuring control and autonomy over digital assets within the EU.
Independent Governance: Operated by EU-based AWS employees with full access to source code and operational capabilities.
Sovereignty Requirements Framework: Developed in collaboration with EU customers and regulators to define and implement sovereignty controls.
Dedicated Security Operations Center: Monitors the sovereign cloud's security functions and responds to threats.
Physical Separation: The first region in Germany will be physically isolated in Brandenburg, distinct from existing regions.
Operational Autonomy: AWS employees who are EU residents will manage operations, including customer support and data center operations.
Zonal Services: Reside in a single Availability Zone (AZ). Customers are responsible for building resilient architectures.
Regional Services: AWS manages resilience within the region. Both control and data planes are regional.
Global Services: Some services have a global control plane but maintain a regional data plane for local operations.
Local Zones: Provide local availability of certain services in areas without full regions.
Outposts: Allow customers to deploy AWS infrastructure on-premises, connected to a region.
Dedicated Local Zones: Offer complete local zones within customer premises for specific communities or governments.
AWS Nitro System: A fundamental shift in cloud infrastructure design and security, included in all EC2 instances since 2018.
Key features include no operator access to running instances, separation of memory and compute from the hypervisor, and well-defined APIs for maintenance tasks with full audit trails.
AWS Key Management Service (KMS): Centralized control over encryption keys, with keys staying within the region in the European Sovereign Cloud.
AWS CloudHSM: A dedicated hardware security module for generating and using encryption keys, compliant with FIPS 140-2 and FIPS 140-3 for high security.
AWS Control Tower: A service for implementing and managing sovereignty controls at scale.
Offers over 245 controls organized into detective, preventive, and proactive categories to support digital sovereignty requirements.
Develop Sovereignty Strategy: Assess requirements, identify workloads, and create a cost-benefit analysis.
Data Classification and Reference Architectures: Classify data, understand processing requirements, and build reference architectures.
Implementation and Governance: Use tools like AWS Control Tower for governance and consider the shared responsibility model for sovereign solutions.
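As an added example (not from the talk, and not AWS code), the three Control Tower control categories named above, modelled offline in Python: a preventive control that denies requests outside the sovereign region, a detective control that scans a key inventory for residency violations, and a proactive control that rejects a template before deployment. The region code, key ids and inventory are constructed placeholders; `aws:RequestedRegion` and the `AWS::KMS::Key` `MultiRegion` property are real AWS identifiers used as-is.

```python
"""Three sovereignty controls, one per Control Tower category (preventive,
detective, proactive), modelled offline. Region code, key ids and inventory
are constructed placeholders, not values from the talk."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

ALLOWED_REGIONS = {"sovereign-region-1"}  # constructed placeholder region code

# Preventive: an SCP-style deny using the real aws:RequestedRegion condition key.
DENY_OUTSIDE_REGION = {
    "Effect": "Deny",
    "Action": ["kms:*", "s3:CreateBucket"],
    "Condition": {"StringNotEquals": {"aws:RequestedRegion": sorted(ALLOWED_REGIONS)}},
}

def preventive_control(action: str, requested_region: str) -> str:
    """Evaluate one request against the deny statement; returns 'DENY' or 'ALLOW'."""
    allowed = DENY_OUTSIDE_REGION["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
    action_matches = any(fnmatchcase(action, pat) for pat in DENY_OUTSIDE_REGION["Action"])
    if action_matches and requested_region not in allowed:
        return "DENY"
    return "ALLOW"

# Detective: scan an inventory of KMS keys after the fact.
@dataclass(frozen=True)
class KmsKey:
    key_id: str
    region: str
    multi_region: bool  # multi-region keys can be replicated to other regions

def detective_control(inventory) -> list:
    """Return ids of keys that sit outside, or could be replicated outside, the allowed regions."""
    return sorted(k.key_id for k in inventory
                  if k.region not in ALLOWED_REGIONS or k.multi_region)

# Proactive: reject a CloudFormation template before deployment if any
# AWS::KMS::Key sets MultiRegion to true.
def proactive_control(template: dict) -> list:
    """Return logical ids of KMS keys that would become multi-region if deployed."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::KMS::Key" and props.get("MultiRegion") is True:
            findings.append(logical_id)
    return findings

SAMPLE_INVENTORY = [  # constructed sample data
    KmsKey("key-aaaa", "sovereign-region-1", False),
    KmsKey("key-bbbb", "sovereign-region-1", True),
    KmsKey("key-cccc", "eu-central-1", False),
]
```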
Speakers:
Markus Weyerhaeuser, Principal Solutions Architect, AWS
Armin Schneider, Digital Sovereignty Specialist Solutions Architect, AWS