AWS Elastic Beanstalk Available in AWS GovCloud (US)
AWS Elastic Beanstalk is an easy-to-use service for deploying, scaling and managing applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. With AWS Elastic Beanstalk, you can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.
AWS Elastic Beanstalk is also available in US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), EU (Ireland), EU (London), and South America (São Paulo) public AWS regions.
AWS GovCloud (US) Brief Overview
AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to U.S. International Traffic in Arms Regulations (ITAR) requirements. You can run workloads that contain all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data in the AWS GovCloud (US) Region.
The AWS GovCloud (US) Region supports the management of regulated data by offering the following features:
- Restricting physical and logical administrative access to U.S. persons only.
- Providing FIPS 140-2 endpoints.
Depending on your requirements, you can also run unclassified workloads in the AWS GovCloud (US) Region and use the unique capabilities of this region.
AWS Elastic Beanstalk Benefits
● Fast and Simple to Begin
Elastic Beanstalk is the fastest and simplest way to deploy your application on AWS. You simply use the AWS Management Console, a Git repository, or an integrated development environment (IDE) such as Eclipse or Visual Studio to upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Within minutes, your application will be ready to use without any infrastructure or resource configuration work on your part.
● Developer Productivity
Elastic Beanstalk provisions and operates the infrastructure and manages the application stack (platform) for you, so you don’t have to spend the time or develop the expertise. It also keeps the underlying platform running your application up to date with the latest patches and updates. You can focus on writing code rather than spending time managing and configuring servers, databases, load balancers, firewalls, and networks.
● Impossible to Outgrow
Elastic Beanstalk automatically scales your application up and down based on your application’s specific needs, using easily adjustable Auto Scaling settings. For example, you can use CPU utilization metrics to trigger Auto Scaling actions. With Elastic Beanstalk, your application can handle peaks in workload or traffic while minimizing your costs.
● Complete Resource Control
You have the freedom to select the AWS resources, such as Amazon EC2 instance type, that are optimal for your application. Additionally, Elastic Beanstalk lets you “open the hood” and retain full control over the AWS resources powering your application. If you decide you want to take over some (or all) of the elements of your infrastructure, you can do so seamlessly by using Elastic Beanstalk’s management capabilities.
AWS GovCloud (US) Region Compared to Standard AWS Regions
AWS GovCloud (US) is a gated community for workloads with direct or indirect ties to U.S. government functions or services. As a result, AWS GovCloud (US) offers the following features that are not available in the standard AWS regions:
- The AWS GovCloud (US) Region uses FIPS 140-2 approved cryptographic modules for all AWS service API endpoints, unless otherwise indicated in the AWS GovCloud (US) Endpoints section.
- The AWS GovCloud (US) Region maintains an ITAR-compliant infrastructure and is appropriate for all types of Controlled Unclassified Information (CUI) and unclassified data. For more details, see Maintaining U.S. International Traffic in Arms Regulations (ITAR) Compliance.
- The AWS GovCloud (US) Region is physically isolated and has logical network isolation from all other regions.
- For administrative purposes, AWS restricts all physical and logical access to the AWS GovCloud (US) Region and all potential access to restricted customer data. AWS allows only vetted U.S. persons with distinct access controls separate from other AWS regions to administer the AWS GovCloud (US) Region. Any customer data fields that are defined as outside of the ITAR boundary (such as S3 bucket names) are explicitly documented in the service-specific section as not permitted to contain ITAR-regulated data.
- The AWS GovCloud (US) Region authentication is completely isolated from Amazon.com.
The AWS GovCloud (US) Region also has high-level differences compared to the standard AWS regions. These differences are important when you evaluate and use the AWS GovCloud (US) Region. The following list outlines the differences:
- Sign up
During the signup process, each customer is vetted to ensure they are a U.S. entity (such as a government body, contracting company, or educational organization) and cannot be prohibited or restricted by the U.S. government from exporting or providing services.
The AWS GovCloud (US) Region uses endpoints that are specific to the AWS GovCloud (US) Region and that are accessible only to AWS GovCloud (US) customers.
You can access the AWS GovCloud (US) Region only with AWS GovCloud (US) credentials (AWS GovCloud (US) account access key and AWS GovCloud (US) IAM user credentials). You cannot access the AWS GovCloud (US) Region with standard AWS credentials. Likewise, you cannot access standard AWS regions using AWS GovCloud (US) credentials. Access credentials for the AWS GovCloud (US) Region are isolated from the standard AWS regions.
- AWS Management Console for the AWS GovCloud (US) Region
You sign in to the AWS GovCloud (US) console by using an IAM username and password. This requirement is different from the standard AWS Management Console, where you can sign in by using your account credentials (email address and password). You cannot use your AWS GovCloud (US) account access keys to sign in to the AWS GovCloud (US) console.
- Billing, account activity, and usage reports
An AWS GovCloud (US) account is always associated with a single standard AWS account for billing and payment purposes. All AWS GovCloud (US) usage is billed or invoiced to the associated standard AWS account. You can view the AWS GovCloud (US) account activity and usage reports through the associated standard AWS account only.
The AWS GovCloud (US) Region currently supports only the services that are listed in Supported Services. As additional services are deployed to the AWS GovCloud (US) Region, this list will be updated.
Services in the AWS GovCloud (US) Region might have different capabilities compared to services in standard AWS regions. For example, in AWS GovCloud (US), you must launch all Amazon EC2 instances in an Amazon Virtual Private Cloud (Amazon VPC). For detailed information about each service in the AWS GovCloud (US) Region, see Using AWS GovCloud (US).
For all AWS GovCloud (US) accounts created after December 15, 2014, AWS CloudTrail will be automatically enabled with logging turned on. Amazon SNS notifications, however, must be set up independently. If you prefer not to have CloudTrail enabled, you can use the CloudTrail console in the AWS Management Console for the AWS GovCloud (US) Region to disable it or turn off logging.
- Multi-factor authentication
Due to the separate authentication stack, the hardware MFA tokens used with standard AWS accounts are not compatible with AWS GovCloud (US) accounts. AWS GovCloud (US) only supports MFA devices listed on the Multi-Factor Authentication Page.
Services in the AWS GovCloud (US)
- Auto Scaling
- AWS Certificate Manager
- AWS CloudFormation
- AWS CloudTrail
- AWS CloudHSM
- Amazon CloudWatch
- Amazon CloudWatch Events
- Amazon CloudWatch Logs
- AWS CodeDeploy
- AWS Config
- AWS Direct Connect
- AWS Elastic Beanstalk
- Amazon EBS
- Amazon EC2
- AWS Server Migration Service
- EC2 VM Import/Export
- Amazon EC2 Systems Manager
- Elastic Load Balancing
- Amazon EMR
- Amazon Glacier
- AWS Identity and Access Management
- AWS Import/Export Snowball
- AWS KMS
- Amazon Kinesis Streams
- AWS Lambda
- Amazon Redshift
- Amazon RDS
- Amazon S3
- Amazon SNS
- Amazon SQS
- Amazon SWF
- Amazon VPC
- AWS Management Console
- AWS Trusted Advisor