Upload File

aws outposts - user guide...y oum i g h tencr ldns sw r 53, d p a y between your outpost and the aws...

  • Home
  • Documents
  • AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises
31
AWS Outposts User Guide

Upload: others

Post on 06-Jan-2020

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS OutpostsUser Guide

Page 2: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User Guide

AWS Outposts: User GuideCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.

Page 3: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User Guide

Table of ContentsWhat Is AWS Outposts? ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Key Concepts .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1AWS Resources on Outposts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Pricing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

How AWS Outposts Works .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Network Components .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

VPCs and Subnets .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Access to your Local Network .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Access to the Internet .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Access to AWS ..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Local Network Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Physical Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Link Aggregation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Virtual LANs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Network Layer Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Service Link BGP Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Local Gateway BGP Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Region Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Connectivity through Service Links .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Connectivity through the Local Gateway .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Redundant Internet Connections .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Requirements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Facility ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Networking .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Power .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Get Started .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Create an Outpost and Order Outpost Capacity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Launch an Instance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Step 1: Create a Subnet .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Step 2: Configure Routing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Step 3: Launch an Instance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Step 4: Test Connectivity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Local Gateways .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15VPC Associations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Create a VPC Association .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Delete a VPC Association .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Route Tables .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Create a Route .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Edit a Route .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Delete a Route .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Virtual Interfaces .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Security ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Data Protection .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Encryption at Rest ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Encryption in Transit ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Data Deletion .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Identity and Access Management .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Policy Structure .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Example Policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Infrastructure Security ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Resilience .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Compliance Validation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Monitoring .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22CloudWatch Metrics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

iii

Page 4: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User Guide

Outpost Metrics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Outpost Metric Dimensions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24View CloudWatch Metrics for Your Outpost ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Maintenance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Hardware Maintenance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Firmware Updates .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Document History .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

iv

Page 5: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideKey Concepts

What Is AWS Outposts?AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools tocustomer premises. By providing local access to AWS managed infrastructure, AWS Outposts enablescustomers to build and run applications on premises using the same programming interfaces as in AWSRegions, while using local compute and storage resources for lower latency and local data processingneeds.

An Outpost is a pool of AWS compute and storage capacity deployed at a customer site. AWS operates,monitors, and manages this capacity as part of an AWS Region. You can create subnets on your Outpostand specify them when you create AWS resources such as EC2 instances, EBS volumes, ECS clusters, andRDS instances. Instances in Outpost subnets communicate with other instances in the AWS Region usingprivate IP addresses, all within the same VPC.

For more information, see the AWS Outposts product page.

Key Concepts• Outpost site – The customer-managed physical buildings where AWS will install your Outpost. A site

must meet the facility, networking, and power requirements for your Outpost.• Outpost configurations – Mixes of Amazon EC2 compute capacity, Amazon EBS storage capacity, and

networking support. Each configuration has unique power, cooling, and weight support requirements.• Outpost capacity – Compute and storage resources available on the Outpost. You can view and

manage the capacity for your Outpost from the AWS Outposts console.• Outpost equipment – Physical hardware that provides access to the AWS Outposts service, including

racks, servers, switches, and cabling owned and managed by AWS.• Service link – Network route that enables communication between your Outpost and its associated

AWS Region.• Local gateway – A logical interconnect virtual router that enables communication between your

Outpost and your on-premises network.

AWS Resources on OutpostsYou can create the following resources on your Outpost to support low-latency workloads that must runin close proximity to on-premises data and applications:

• Amazon EC2 instances and EBS volumes – Launch an Instance on Your Outpost (p. 13)• Amazon ECS clusters – Amazon Elastic Container Service on AWS Outposts• Amazon EKS nodes – Amazon Elastic Kubernetes Service on AWS Outposts• Amazon EMR clusters – EMR Clusters on AWS Outposts• Amazon RDS DB instances – Amazon RDS on AWS Outposts• AWS App Mesh Envoy proxy – AWS App Mesh on AWS Outposts

PricingYou can choose from a variety of Outpost configurations, each providing a combination of EC2 instancetypes and EBS volumes. The pricing for these configurations includes the EC2 instances and EBS volumes,

1

http://aws.amazon.com/outposts/
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-on-outposts.html
https://docs.aws.amazon.com/eks/latest/userguide/eks-on-outposts.html
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-outposts.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
https://docs.aws.amazon.com/app-mesh/latest/userguide/app-mesh-on-outposts.html
Page 6: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuidePricing

plus delivery, installation, and maintenance of the Outpost equipment. You can also increase yourcompute and storage capacity over time by upgrading your configuration.

You purchase a configuration for a 3-year term and can choose from three payment options: All Upfront,Partial Upfront, and No Upfront. If you choose the Partial or No Upfront payment option, monthlycharges will apply. Any upfront charges apply 24 hours after your Outpost is installed and the computeand storage capacity is available for use. For more information, see the AWS Outposts pricing page.

2

http://aws.amazon.com/outposts/pricing/
Page 7: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideNetwork Components

How AWS Outposts Works

AWS Outposts is designed to operate with a constant and consistent connection between your Outpostand an AWS Region. To achieve this connection to the Region, and to the local workloads in your on-premises environment, you must connect your Outpost to your on-premises network. Your on-premisesnetwork must provide wide area network (WAN) access back to the Region and to the internet. It mustalso provide LAN or WAN access to the local network where your on-premises workloads or applicationsreside.

The following image shows an Outpost rack. The 42U rack is 80 inches high by 24 inches wide by 48inches deep.

Contents

• AWS Outposts Network Components (p. 3)

• Outpost Connectivity to the Local Network (p. 5)

• Outpost Connectivity to AWS Regions (p. 8)

AWS Outposts Network ComponentsThe following diagram shows the network components for your Outpost.

3

Page 8: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideVPCs and Subnets

VPCs and SubnetsA virtual private cloud (VPC) spans all Availability Zones in its AWS Region. You can extend any VPC inthe Region to your Outpost by adding an Outpost subnet. To add an Outpost subnet to a VPC, specifythe Amazon Resource Name (ARN) of the Outpost when you create the subnet.

IP AddressingAWS creates an address pool, known as a customer-owned IP address pool, based on information that youprovide about your on-premises network. Customer-owned IP addresses provide internet connectivityto resources in your Outpost subnets through your on-premises network. You can assign these publicaddresses to resources on your Outpost, such as EC2 instances, using Elastic IP addresses. When youallocate an Elastic IP address, you can select an IP address from your customer-owned IP address pool.You continue to own the IP addresses in your customer-owned IP address pool and are responsible foradvertising them on the internet.

You can also use IP address ranges that you provisioned for use with your AWS resources through bringyour own IP addresses (BYOIP). These public IP addresses provide internet connectivity through the AWSRegion.

RoutingThe route tables for Outpost subnets work as they do for Availability Zone subnets. You can specifyIP addresses, internet gateways, local gateways, virtual private gateways, and peering connections asdestinations.

By default, every Outpost subnet inherits the main route table from its VPC. You can create a customroute table and explicitly associate it with an Outpost subnet. You can include a local gateway as a next-hop target for traffic to be routed to your on-premises network.

DNSBy default, EC2 instances in Outposts subnets can use the Amazon Route 53 DNS Service to resolvedomain names to IP addresses. Route 53 supports DNS features such as domain registration, DNS

4

Page 9: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideAccess to your Local Network

routing, and health checks for instances running in your Outpost. Both public and private hosted zonesare supported for routing traffic to specific domains. Route 53 resolvers are hosted in the AWS Region.Therefore, service link connectivity from the Outpost back to the AWS Region must be up and runningfor these DNS features to work.

You might encounter longer DNS resolution times with Route 53, depending on the path latencybetween your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locallyin your on-premises environment. To use your own DNS servers, you must create DHCP option setsfor the servers and associate them with the VPC. You must also ensure that there is IP connectivity tothese DNS servers. You might also need to add routes to the local gateway routing table for reachability.Because DHCP option sets have a VPC scope, instances in both the Outpost subnets and the AvailabilityZone subnets for the VPC will try to use the specified DNS servers for DNS name resolution.

Access to your Local NetworkA local gateway is a local interconnect virtual router that enables communication between your Outpostand your on-premises network. You can also use the local gateway for communication between yourOutpost and the internet. Each Outpost supports a single local gateway. You can associate multiple VPCswith the local gateway. For more information, see Local Gateways (p. 15) and Outpost Connectivity tothe Local Network (p. 5).

Access to the InternetThe local gateway enables connectivity from your Outpost subnets to the internet.

For local internet connectivity, you can use a NAT instance in your Outpost subnet or send internet-bound traffic to a NAT device in your on-premises network.

Access to AWSThe local gateway for your Outpost enables connectivity from your Outpost subnets to all AWS servicesthat are available in the parent Region, in the same way that you access them from an Availability Zonesubnet. For example, you can access the Regional service endpoints over the public internet or you canuse interface VPC endpoints (AWS PrivateLink) to access them without going over the public internet. Formore information, see Outpost Connectivity to AWS Regions (p. 8).

Outpost Connectivity to the Local NetworkThe Open Systems Interconnection (OSI) model divides network architecture into seven layers. In thissection, we introduce AWS Outposts networking, starting from layer 1 of the OSI model, the physicallayer. Next, we cover the virtual local area network (VLAN) and the Link Aggregation Control Protocol(LACP) from layer 2. Finally, we cover layer 3 network connectivity and Border Gateway Protocol (BGP).

Contents

• Physical Connectivity (p. 6)

• Link Aggregation (p. 6)

• Virtual LANs (p. 7)

• Network Layer Connectivity (p. 7)

• Service Link BGP Connectivity (p. 8)

• Local Gateway BGP Connectivity (p. 8)

5

Page 10: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuidePhysical Connectivity

Physical ConnectivityAn Outpost rack has two physical network devices that attach to your local network.

An Outposts requires a minimum of two physical links between these Outpost network devices and yourlocal network devices. An Outpost supports the following uplink speeds and quantities per Outpostnetwork device.

Uplink speed Number of uplinks

1 Gbps 1, 2, 3, 4, 5, 6, 7, 8

10 Gbps 1, 2, 3, 4, 8, 12, 16

40 Gbps 1, 2, 3, 4

100 Gbps 1, 2, 3, 4

The uplink speed and quantity are symmetrical on each Outpost network device. If you use 100 Gbps asthe uplink speed, you must configure the link with forward error correction (FEC CL91).

Outpost racks can support single-mode fiber (SMF) with Lucent Connector (LC), multimode fiber (MMF),or MMF OM4 with LC. AWS provides the optics that are compatible with the fiber that you provide at therack position.

Link AggregationAWS Outposts uses the Link Aggregation Control Protocol (LACP) to establish two link aggregationgroup (LAG) connections to your Outpost network devices and to your local network devices. The linksfrom each Outpost network device are aggregated into an Ethernet LAG to represent a single networkconnection. These LAGs use LACP with standard fast timers.

To enable an Outpost installation at your site, you must configure your side of the LAG connections onyour network devices.

The following diagram shows four physical connections between each Outpost network device and itsconnected local network device. We use Ethernet LAGs to aggregate the physical links connecting theOutpost network devices and the local network devices.

6

Page 11: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideVirtual LANs

Virtual LANsEach LAG between an Outpost network device and a local network device must be configured as an IEEE802.1q Ethernet trunk. This enables the use of multiple VLANs for network segregation between datapaths.

Each Outpost has the following data paths between the on-premises network and its network:

• Service link VLAN – Enables communication between the Outpost and the AWS Region for bothcontrol plane and VPC data plane traffic. This VLAN provides access to the AWS Region, which enablesthe service link connection from the Outpost to be established back to the Region. The service link is acustom VPN or VPNs from the Outpost to the Region.

• Local gateway VLAN – Enables VPC traffic from your VPC to your local LAN. This VLAN enablesinstances running on the Outpost to communicate with your on-premises network. It also enablesthem to communicate with the internet through your on-premises network.

An Outpost is designed to segregate the service link and local gateway data paths into two isolatednetworks. This enables you to choose which of your networks can communicate with services running onthe Outpost. It also enables you to make the service link an isolated network. The demarcation line existsat the port of the Outpost network devices. AWS manages any infrastructure on the AWS side of the lineand you manage any infrastructure on your side of the line.

To integrate your Outpost with your on-premises network, you must allocate the VLANs used betweenthe Outpost network devices and the local network devices.

Network Layer ConnectivityEach Outpost network device requires an IP address on each VLAN. This enables them to communicatewith the local network devices to establish a BGP session. We recommend that you use a dedicatedsubnet, with a /30 or /31 CIDR, to represent this logical point-to-point connectivity.

To establish the service link path, you must provide the following for each Outpost networking device: aservice link VLAN subnet (/30 or /31) and an IP address for the service link VLAN.

To establish the local gateway path, you must provide the following for each Outpost networking device:a local gateway VLAN subnet (/30 or /31) and an IP address for the local gateway VLAN.

7

Page 12: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideService Link BGP Connectivity

The following table shows example values for the required subnets.

  Local Gateway VLAN Service Link VLAN

Local device 1 172.16.0.2/30 10.0.0.2/30

Local device 2 172.16.0.6/30 10.0.0.6/30

Outpost network device 1 172.16.0.1/30 10.0.0.1/30

Outpost network device 2 172.16.0.5/30 10.0.0.5/30

Service Link BGP ConnectivityService link connectivity is established from devices in the Outpost rack that are connected to theOutpost network devices. These devices use IP addresses from an infrastructure subnet created by you(one /26 CIDR per rack) prior to installation of your Outpost.

The CIDR block from the infrastructure subnet requires connectivity to AWS across a public path. Itmust be assigned from a public address range that you own, or from the private address range (RFC1918) with network address translation (NAT) provided at the edge on your local network. This rangeis advertised from the Outpost network devices as two /27 CIDR blocks in order to meet the durabilityneeds of the rack and to support link and device failures.

The Outpost establishes an external BGP peering from each Outpost network device to a local networkdevice for local gateway connectivity. It uses a private Autonomous System Number (ASN) that youassign in order to establish the external BGP sessions. Each Outpost network device has a single externalBGP peering to a local network device using its service link VLAN.

You must provide a service link BGP ASN and an infrastructure subnet CIDR (/26) for the Outpost. Foreach Outpost network device, provide the BGP peering IP address on the VLAN of the local networkdevice and the BGP ASN of the local network device.

Local Gateway BGP ConnectivityThe Outpost establishes an external BGP peering from each Outpost network device to a local networkdevice for connectivity to the local gateway. It uses a private Autonomous System Number (ASN) thatyou assign in order to establish the external BGP sessions. Each Outpost network device has a singleexternal BGP peering to a local network device using its local gateway VLAN.

You must provide a local gateway BGP ASN for the Outpost and the VPC CIDR blocks that the Outpostnetwork devices will advertise. For each Outpost network device, provide the BGP peering IP address onthe VLAN of the local network device and the BGP ASN of the local network device.

Outpost Connectivity to AWS RegionsAWS Outposts supports two types of wide area network (WAN) connectivity: service links and localgateways.

Contents• Connectivity through Service Links (p. 9)• Connectivity through the Local Gateway (p. 9)• Redundant Internet Connections (p. 9)

8

Page 13: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideConnectivity through Service Links

Connectivity through Service LinksWhen an Outpost is provisioned, it initiates the service link VPN back to the Region, and builds theservice link VPN connection. The Outpost must be able to reach the public AWS ranges, either throughthe public internet or AWS Direct Connect. This connectivity can be through specific routes in the servicelink VLAN, or through a default route of 0.0.0.0/0. For more information about the public ranges forAWS, see AWS IP Address Ranges.

After the service link is established, the Outpost is in service and is managed by AWS. The service link isused for traffic between the Outpost any associated VPCs.

If you are using a firewall to limit connectivity from the service link VLAN, you can block all inboundconnections, because the service link VPN initiates from the Outpost to the Region, never from theRegion. You must configure the following outbound rules on any firewall between the Region and theservice link VLAN. If the firewall is stateful, connections from the Outpost that are allowed outbound(initiated from the Outpost), should be allowed back inbound. If the firewall is stateless, you must allowconnections back inbound.

Protocol Source Port Source Address DestinationPort

Destination Address

UDP 443 Outpost service link /26 443 Outpost Region's publicroutes

TCP 1025-65535 Outpost service link /26 443 Outpost Region's publicroutes

Connectivity through the Local GatewayThe primary role of a local gateway is to provide connectivity from an Outpost to your local on-premisesLAN. It also provides connectivity to the internet through your on-premises network. The local gatewaycan also provide a data plane path back to the AWS Region. If you already have connectivity betweenyour LAN and the Region through AWS Site-to-Site VPN or AWS Direct Connect, you can use the samepath to connect from the Outpost to the Region privately.

The data plane path for the local gateway could traverse from the Outpost, through the local gateway,and to your private local gateway LAN segment, and then follow a private path back to the AWS serviceendpoints in the Region.

Redundant Internet ConnectionsWhen you build connectivity from your Outpost to the AWS Region, we recommend that you createmultiple connections for higher availability and resiliency. For more information, see AWS Direct ConnectResiliency Recommendations.

If you need connectivity to the public internet, you can use redundant internet connections and diverseinternet providers, just as you would with your existing on-premises workloads.

9

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
http://aws.amazon.com/directconnect/resiliency-recommendation/
http://aws.amazon.com/directconnect/resiliency-recommendation/
Page 14: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideFacility

Outpost Site RequirementsAn Outpost site is the physical location where AWS will install your Outpost. Before you order anOutpost, verify that your site will meet the following requirements.

Requirements• Facility (p. 10)• Networking (p. 10)• Power (p. 10)

Facility• Temperature and humidity – The ambient temperature must be between 41° F (5° C) and 104° F (40°

C) and the relative humidity must be between 8% and 80% with no condensation.• Airflow – The rack position must provide at least 162 times the kVA of cubic feet per minute (CFM)

airflow.• Loading dock – Your loading dock must accommodate a rack crate that is 94 inches high by 54 inches

wide by 51 inches deep.• Weight support – The location where the rack will be installed and the path to that location must

support the weight specified in the order summary at the rack point loads. This includes freight andstandard elevators.

• Clearance – The equipment is 80 inches high by 24 inches wide by 48 inches deep. Any doorways,hallways, turns, ramps, and elevators must provide sufficient clearance. At the final resting position,there must be at least 48 inches front clearance and 24 inches rear clearance.

• Seismic Bracing – To the extent required by regulation or code, you will maintain appropriate seismicbracing for the rack while it is installed in your facility.

• Facility Access – You will not change the facility in a way that negatively affects the ability of AWS toaccess, service, or remove the Outpost.

• Elevation – The elevation of the room where the rack is installed must be below 10,005 feet (3,050meters).

Networking• Provide uplinks with speeds of 1, 10, 40, or 100 Gbps.• Provide either single mode or multimode fiber.• Provide one or two upstream devices (switches or routers). We recommend two devices to provide high

availability.

PowerThe Outposts power shelf supports three power configurations. The configuration of the power shelfdepends on how the server capacity is racked.

AC line voltage Single phase 200 to 277 VAC (50 or 60 Hz) or three phase 346 to480 VAC (50 to 60 Hz)

10

Page 15: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuidePower

Power consumption 5 kVA (4 kW), 10 kVA (9 kW), or 15 kVA (13 kW)

AC protection (upstream powerbreakers)

30 or 32 A

AC inlet type (receptacle) Single phase L6-30P (30A) or IEC309 P+N+E, 6 hour (32 A),three phase AH530P7W 3P+N+E, 7 hour (30 A), or three phaseAH532P6W 3P+N+E 6 hour (32 A)

Whip length 10.25 ft (3 m)

Whip - Rack cabling input From above or below

The power shelf has two inputs, S1 and S2, that can be configured as follows.

  Redundant, single phase Redundant,three phase

Single phase Three phase

5 kVA 2 x L6-30P or IEC309, 1drop to S1 and 1 drop toS2

1 x L6-30P or IEC309, 1drop to S1

10 kVA 4 x L6-30P or IEC309, 2drops to S1 and 2 drops toS2

2 x L6-30P or IEC309, 2drops to S1

15 kVA 6 x L6-30P or IEC309, 3drops to S1 and 3 drops toS2

2 x AH530P7Wor AH532P6W, 1drop to S1 and 1drop to S2

3 x L6-30P or IEC309, 3drops to S1

1 x AH530P7Wor AH532P6W, 1drop to S1

11

Page 16: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideCreate an Outpost and Order Outpost Capacity

Get Started with AWS OutpostsTo begin using AWS Outposts, you must create an Outpost and order Outpost capacity. After yourOutpost equipment is installed, the compute and storage capacity is available for you when you launchEC2 instances and create EBS volumes on your Outpost.

Tasks• Create an Outpost and Order Outpost Capacity (p. 12)• Launch an Instance on Your Outpost (p. 13)

Create an Outpost and Order Outpost CapacityWhen you order Outpost capacity, you can choose from a variety of Outpost configurations, eachproviding a mix of EC2 instance types and EBS volumes.

Prerequisites

• An Outpost site is the physical location where AWS will install your Outpost equipment. Beforeordering capacity, verify that your site meets the requirements for AWS Outposts. For moreinformation, see Outpost Site Requirements (p. 10).

• You must have an AWS Enterprise Support plan.

To create an Outpost

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. Choose Create Outpost.3. Provide a name and description for your Outpost.4. Choose Create site. Complete and submit the form, then select the site that you created.5. Select an Availability Zone for your Outpost.6. Choose Create Outpost.

To order Outpost capacity

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. In the navigation pane, choose Outposts catalog, and then do the following:

a. Select a capacity configuration for your Outpost. If the available capacity configurations do notmeet your needs, you can request a custom capacity configuration instead.

b. Choose Place order.c. Select the Outpost that you created.d. Choose Place order.

3. You can view the status of your order using the AWS Outposts console. The initial status of yourorder is Order received. An AWS representative will contact you within three business days. Youwill receive an email confirmation when the status of your order changes to Order processing. AnAWS representative may contact you to get any additional information that is required by the AWSinstallation team.

If you have any questions about your order, contact AWS Support.

12

https://console.aws.amazon.com/outposts/home
https://console.aws.amazon.com/outposts/home
https://pages.awscloud.com/AWS-Outposts-capacity-configuration.html
Page 17: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideLaunch an Instance

4. To fulfill the order, AWS will schedule a date and time with you. You will also receive a checklistof items to verify or provide before the installation. The AWS installation team will arrive at yoursite at the scheduled date and time. The team will roll the rack to the identified position and yourelectrician can power the rack. The team will establish network connectivity for the rack over theuplink that you provide, and will configure the rack's capacity. The installation is complete when youconfirm that the EC2 and EBS capacity for your Outpost is available from your AWS account.

Launch an Instance on Your OutpostAfter your Outpost is installed and the compute and storage capacity is available for use, you can launchEC2 instances and create EBS volumes on your Outpost using an Outpost subnet.

Prerequisite

You must have an Outpost installed at your site. For more information, see Create an Outpost and OrderOutpost Capacity (p. 12).

Tasks• Step 1: Create a Subnet (p. 13)• Step 2: Configure Routing (p. 13)• Step 3: Launch an Instance (p. 14)• Step 4: Test Connectivity (p. 14)

Step 1: Create a SubnetYou can add Outpost subnets to any VPC in the AWS Region for the Outpost. When you do so, the VPCalso spans the Outpost. For more information, see AWS Outposts Network Components (p. 3).

To create an Outpost subnet

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Outposts.3. Select the Outpost, and then choose Actions, Create subnet.4. Select the VPC and specify an IP address range for the subnet.5. Choose Create.

Step 2: Configure RoutingYou must explicitly associate a VPC with the local gateway route table in order to provide connectivitybetween the VPC and your local network. When you create a route, you can specify IP addresses, internetgateways, local gateways, virtual private gateways, and peering connections as destinations.

To configure routing

1. Associate the VPC with the local gateway route table as follows:

a. On the navigation pane, choose Local gateway route tables.b. Select the route table, and then choose Actions, Associate VPC.c. For VPC, select the VPC to associate with the local gateway route table.d. Choose Associate VPC.

13

https://console.aws.amazon.com/outposts/home
Page 18: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideStep 3: Launch an Instance

2. (Optional) You can add, edit, or delete routes in the local gateway route table. For example, you cancreate a route with a destination CIDR block from your local network, and you can choose the localgateway as the target, as follows:

a. On the navigation pane, choose Local gateway route tables.b. Select the route table, and then choose Actions, Create route.c. For Destination, enter the destination address from your local network.d. For Target, enter the ID of the local gateway.e. Choose Create route.

3. (Optional) You can add a route to the local gateway to the route tables for your existing AvailabilityZone subnets.

Step 3: Launch an InstanceYou can launch EC2 instances in the Outpost subnet that you created. Security groups control inboundand outbound traffic for instances in an Outpost subnet, just as they do for instances in an AvailabilityZone subnet. To connect to an EC2 instance in an Outpost subnet, you can specify a key pair when youlaunch the instance, just as you do for instances in an Availability Zone subnet.

To launch an instance in your Outpost subnet

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Outposts.3. Select the Outpost, and then choose Launch instance.4. Complete the wizard to launch the instance.5. (Optional) You can allocate an Elastic IP address from your customer-owned IP address pool and

assign it to the instance as follows:

a. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.b. On the navigation pane, choose Elastic IPs. Choose Allocate new address.c. For IP address pool, choose Owned by me and then select the customer-owned IP address

pool.d. For IP address, either let Amazon EC2 select an IP address from the address pool or select a

specific IP address from the address pool.e. Choose Allocate.f. Select the Elastic IP address that you just created and choose Actions, Associate address. Select

the instance and then choose Associate.

Step 4: Test ConnectivityDepending on your use cases, you can test the following connectivity:

• Outpost to local network – Connect to the EC2 instance in your Outpost subnet. Send a ping from theinstance to a server or virtual machine in your local network.

• Local network to Outpost – Send a ping from a server or virtual machine in your local network to anEC2 instance in your Outpost subnet.

• Outpost to AWS Region – Connect to the EC2 instance in your Outpost subnet. Send a ping from theinstance to an EC2 instance in an Availability Zone of the VPC for your Outpost or a peered VPC.

14

https://console.aws.amazon.com/outposts/home
https://console.aws.amazon.com/ec2/
Page 19: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideVPC Associations

Local GatewaysA local gateway is a logical networking device that enables communication between your Outpost andyour on-premises network. You can also use the local gateway for communication between your Outpostand its parent AWS Region.

A local gateway has the following components:

• VPC associations - When you associate a VPC with a local gateway route table, the VPC CIDRs arepropagated by default to the local gateway route table. These CIDRs can be advertised to gateways inyour on-premises network.

• Route tables - A local gateway has a default route table, which is created at the time of installation.The AWS install team also creates one VIF per LAG and associates it with the route table. Routesadvertised by gateways in your on-premises network and CIDRs of attached VPCs are propagated tothese route tables.

• Virtual interfaces - Attach a virtual interface (VIF) to a local gateway to connect to your on-premisesnetwork.

AWS configures a local gateway for your Outpost and a local gateway route table during the installationprocess. Each Outpost supports a single local gateway. The local gateway is owned by the AWS accountassociated with the Outpost. You can share the local gateway with other AWS accounts or organizationalunits using AWS Resource Access Manager.

VPC AssociationsThe VPCs in your Region are not associated with your local gateway route table by default. You mustassociate them yourself.

Create a VPC AssociationUse the following procedure to associate a VPC with a local gateway route table.

To associate a VPC using the console

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Local gateway route tables.3. Select the route table, and then choose Actions, Associate VPC.4. For VPC, select the VPC to associate with the local gateway route table.5. Choose Associate VPC.

To associate a VPC using the AWS CLI

Use the create-local-gateway-route-table-vpc-association command.

Delete a VPC AssociationUse the following procedure to disassociate a VPC from a local gateway route table.

15

https://console.aws.amazon.com/outposts/home
https://docs.aws.amazon.com/cli/latest/reference/ec2/create-local-gateway-route-table-vpc-association.html
Page 20: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideRoute Tables

To disassociate a VPC using the console

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Local gateway route tables.3. Select the route table.4. Select the VPC, and then choose Disassociate.

To disassociate a VPC using the AWS CLI

Use the delete-local-gateway-route-table-vpc-association command.

Route TablesBy default, the local gateway route table has a route to the two virtual interfaces. You can configurealternate destination routes for connectivity to your network.

Create a RouteUse the following procedure to create a local gateway route.

To associate a VPC using the console

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Local gateway route tables.3. Select the route table, and then choose Actions, Create route.4. For Destination, enter the destination address.5. For Target, enter the ID of the target.6. Choose Create route.

To create a route using the AWS CLI

Use the create-local-gateway-route command.

Edit a RouteUse the following procedure to edit a local gateway route.

To associate a VPC using the console

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Local gateway route tables.3. Select the route table.4. Select the route, and then choose Edit.5. For Destination, enter the destination address.6. For Target, enter the VIF ID, or the VPC ID.7. Choose Save changes.

Delete a RouteUse the following procedure to delete a local gateway route.

16

https://console.aws.amazon.com/outposts/home
https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-local-gateway-route-table-vpc-association.html
https://console.aws.amazon.com/outposts/home
https://docs.aws.amazon.com/cli/latest/reference/ec2/create-local-gateway-route.html
https://console.aws.amazon.com/outposts/home
Page 21: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideVirtual Interfaces

To associate a VPC using the console

1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.2. On the navigation pane, choose Local gateway route tables.3. Select the route table.4. Select the route, and then choose Delete.5. When prompted for confirmation, choose Delete.

To create a route using the AWS CLI

Use the delete-local-gateway-route command.

Virtual InterfacesWhen you add a route with a VIF, the VIF is treated as a next hop and we use ECMP to distribute thetraffic across multiple links.

17

https://console.aws.amazon.com/outposts/home
https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-local-gateway-route.html
Page 22: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideData Protection

Security in AWS OutpostsSecurity at AWS is the highest priority. As an AWS customer, you benefit from a data center and networkarchitecture that is built to meet the requirements of the most security-sensitive organizations.

Security is a shared responsibility between AWS and you. The shared responsibility model describes thisas security of the cloud and security in the cloud:

• Security of the cloud – AWS is responsible for protecting the infrastructure that runs AWS services inthe AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditorsregularly test and verify the effectiveness of our security as part of the AWS Compliance Programs.To learn about the compliance programs that apply to AWS Outposts, see AWS Services in Scope byCompliance Program.

• Security in the cloud – Your responsibility is determined by the AWS service that you use. You are alsoresponsible for other factors including the sensitivity of your data, your company’s requirements, andapplicable laws and regulations.

This documentation helps you understand how to apply the shared responsibility model when using AWSOutposts. It shows you how to meet your security and compliance objectives. You also learn how to useother AWS services that help you to monitor and secure your resources.

Contents• Data Protection in AWS Outposts (p. 18)• Identity and Access Management for AWS Outposts (p. 19)• Infrastructure Security in AWS Outposts (p. 20)• Resilience in AWS Outposts (p. 20)• Compliance Validation for AWS Outposts (p. 21)

Data Protection in AWS OutpostsAWS Outposts conforms to the AWS shared responsibility model, which includes regulations andguidelines for data protection. AWS is responsible for protecting the global infrastructure that runsall AWS services. AWS maintains control over data hosted on this infrastructure, including the securityconfiguration controls for handling customer content and personal data. AWS customers and APNPartners, acting either as data controllers or data processors, are responsible for any personal data thatthey put in the AWS Cloud.

For data protection purposes, we recommend that you protect AWS account credentials and set upindividual user accounts with AWS Identity and Access Management (IAM), so that each user is given onlythe permissions necessary to fulfill their job duties.

For more information about data protection, see the AWS Shared Responsibility Model and GDPR blogpost on the AWS Security Blog.

Encryption at RestAmazon EBS encryption is an encryption solution for your EBS volumes and snapshots. It uses AWS KeyManagement Service (AWS KMS) customer master keys (CMK). With Outposts, encryption is enabled bydefault. For more information, see Amazon EBS Encryption in the Amazon EC2 User Guide.

18

http://aws.amazon.com/compliance/shared-responsibility-model/
http://aws.amazon.com/compliance/programs/
http://aws.amazon.com/compliance/services-in-scope/
http://aws.amazon.com/compliance/services-in-scope/
http://aws.amazon.com/compliance/shared-responsibility-model/
http://aws.amazon.com/blogs/security/the-aws-shared-responsibility-model-and-gdpr/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Page 23: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideEncryption in Transit

Encryption in TransitAWS encrypts in-transit data between your Outpost and its AWS Region.

Use an encryption protocol such as Transport Layer Security (TLS) to encrypt sensitive data in transitthrough the local gateway to your local network.

Data DeletionWhen you stop or terminate an EC2 instance, the memory allocated to it is scrubbed (set to zero) by thehypervisor before it is allocated to a new instance, and every block of storage is reset.

Identity and Access Management for AWSOutposts

AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securelycontrol access to AWS resources. IAM administrators control who can be authenticated (signed in) andauthorized (have permissions) to use AWS resources. IAM enables you to create users and groups underyour AWS account. You control the permissions that users have to perform tasks using AWS resources.You can use IAM for no additional charge.

By default, IAM users don't have permissions for AWS Outposts resources and operations. To allow IAMusers to manage AWS Outposts resources, you must create an IAM policy that explicitly grants thempermissions, and attach the policy to the IAM users or groups that require those permissions.

When you attach a policy to a user or group of users, it allows or denies the users permission to performthe specified tasks on the specified resources. For more information, see Policies and Permissions in theIAM User Guide guide.

Policy StructureAn IAM policy is a JSON document that consists of one or more statements. Each statement is structuredas follows.

{ "Statement":[{ "Effect":"effect", "Action":"action", "Resource":"arn", "Condition":{ "condition":{ "key":"value" } } } ]}

There are various elements that make up a statement:

• Effect: The effect can be Allow or Deny. By default, IAM users don't have permission to use resourcesand API actions, so all requests are denied. An explicit allow overrides the default. An explicit denyoverrides any allows.

19

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Page 24: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideExample Policies

• Action: The action is the specific API action for which you are granting or denying permission.• Resource: The resource that's affected by the action. Some API actions allow you to include specific

resources in your policy that can be created or modified by the action. To specify a resource in thestatement, you need to use its Amazon Resource Name (ARN).

• Condition: Conditions are optional. They can be used to control when your policy is in effect.

Example PoliciesIn an IAM policy statement, you can specify any API action from any service that supports IAM. For AWSOutposts, use the following prefix with the name of the API action: outposts:. For example:

• outposts:CreateOutpost

• outposts:DescribeOutposts

To specify multiple actions in a single statement, separate them with commas.

"Action": ["outposts:action1", "outposts:action2"]

You can also specify multiple actions using wildcards. For example, you can specify all AWS Outposts APIactions whose name begins with the word "Get".

"Action": "outposts:Get*"

To specify all AWS Outposts API actions, use the * wildcard.

"Action": "outposts:*"

Infrastructure Security in AWS OutpostsAs a managed service, AWS Outposts is protected by the AWS global network security procedures thatare described in the Amazon Web Services: Overview of Security Processes whitepaper.

You use AWS published API calls to access AWS Outposts through the network. Clients must supportTransport Layer Security (TLS) 1.0 or later. We recommend TLS 1.2 or later. Clients must also supportcipher suites with perfect forward secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic CurveEphemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

Additionally, requests must be signed using an access key ID and a secret access key that is associatedwith an IAM principal. Or you can use the AWS Security Token Service (AWS STS) to generate temporarysecurity credentials to sign requests.

For more information about the infrastructure security provided for the EC2 instances and EBS volumesrunning on your Outpost, see Infrastructure Security in Amazon EC2.

Resilience in AWS OutpostsAWS Outposts is designed to be highly available. Outpost racks are designed with redundant power andnetworking equipment. For additional resilience, we recommend that you provide dual power sourcesand redundant network connectivity for your Outpost.

20

https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/infrastructure-security.html
Page 25: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideCompliance Validation

With high availability mode, AWS manages redundant capacity on the Outpost. There is capacity foreach instance family held in reserve. If an unhealthy instance must be retired, the redundant capacityis brought online and added to the pool of available capacity. After the unhealthy instance returnsto a healthy state, the redundant capacity is removed from the pool of available capacity and is heldin reserve again. Capacity configurations that are designed for production environments operate inhigh availability mode by default. Capacity configurations that are designed for development andtest environments might not offer high availability mode. We recommend that you use a capacityconfiguration that is designed for your environment.

When you create an Outpost, you select an Availability Zone from an AWS Region. This AvailabilityZone supports control plane operations such as responding to API calls, monitoring the Outpost, andupdating the Outpost. To benefit from the resiliency provided by AWS Availability Zones, you can deployapplications on multiple Outposts, each attached to a different Availability Zone. This enables you tobuild additional application resilience and avoid a dependence on a single Availability Zone. For moreinformation about AWS Regions and Availability Zones, see AWS Global Infrastructure.

Compliance Validation for AWS OutpostsThe existing compliance certifications for AWS Services apply to services running entirely in an AWSRegion. AWS Outposts and services on an Outpost require a separate evaluation for certifications.

Under the shared responsibility model, AWS is responsible for the hardware and software that run AWSservices. This applies to AWS Outposts, just as it does to an AWS Region. This includes patching theinfrastructure software and configuring infrastructure devices. As a customer, you are responsible forimplementing best practices for data encryption, patching their guest operating system and applications,identity and access management, and operating system, network, and firewall configurations.

AWS uses secure channels from manufacturing through installation and delivery of the Outpostequipment. When the Outpost equipment is on your site, any replacement parts are delivered throughthe same secure channels and are checked for tampering. No server or switch repairs occur on site.

As a customer, you are responsible for the physical security and environmental controls at the facilitywhere the Outpost is located, and for providing networking between the Outpost and the AWS Region.Your responsibilities include the following:

• Physical and environmental security of the Outpost, starting from the moment that the Outpostequipment arrives at your facility to the point at which the Outpost equipment is removed at the endof the term or for repairs.

• Physical access controls around the Outpost equipment at your facility. This includes backgroundchecks and security training for facility staff.

• Data management policies, including terminating EC2 instances and deleting data volumes before theOutpost equipment is removed at the end of the term or for repairs.

• Configuring and maintaining a network connection between the Outpost and the AWS Region.Communication sent over this connection between the Outpost and the Region is encrypted by AWS.

• Encrypting any traffic traveling over your network to the local gateway.

21

http://aws.amazon.com/about-aws/global-infrastructure/
http://aws.amazon.com/compliance/shared-responsibility-model/
Page 26: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideCloudWatch Metrics

Monitor Your OutpostAWS Outposts integrates with the following services that offer monitoring and logging capabilities:

CloudWatch metrics

You can use Amazon CloudWatch to retrieve statistics about data points for your Outposts asan ordered set of time series data, known as metrics. You can use these metrics to verify thatyour system is performing as expected. For more information, see CloudWatch Metrics for AWSOutposts (p. 22).

CloudTrail logs

You can use AWS CloudTrail to capture detailed information about the calls made to AWS APIs andstore them as log files in Amazon S3. You can use these CloudTrail logs to determine which callswere made, the source IP address where the call came from, who made the call, when the call wasmade, and so on.

The CloudTrail logs contain information for calls to API actions from services on an Outpost, such asAmazon EC2 and Amazon EBS. The CloudTrail logs do not contain information about the calls to theAPI actions for AWS Outposts.

VPC Flow Logs

You can use VPC Flow Logs to capture detailed information about the traffic going to and from yourOutpost. For more information, see VPC Flow Logs in the Amazon VPC User Guide.

CloudWatch Metrics for AWS OutpostsAWS Outposts publishes data points to Amazon CloudWatch for your Outposts. CloudWatch enablesyou to retrieve statistics about those data points as an ordered set of time series data, known as metrics.Think of a metric as a variable to monitor, and the data points as the values of that variable over time.For example, you can monitor the total number of healthy targets for a load balancer over a specifiedtime period. Each data point has an associated timestamp and an optional unit of measurement.

You can use metrics to verify that your system is performing as expected. For example, you can createa CloudWatch alarm to monitor a specified metric. If the metric goes outside what you consider anacceptable range, CloudWatch can initiate an action, such as sending a notification to an email address.

For more information, see the Amazon CloudWatch User Guide.

Contents

• Outpost Metrics (p. 22)

• Outpost Metric Dimensions (p. 24)

• View CloudWatch Metrics for Your Outpost (p. 24)

Outpost MetricsThe AWS/Outposts namespace includes the following metrics.

22

https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/
Page 27: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideOutpost Metrics

Metric Description

CapacityExceptions The number of insufficient capacity errors for instance launches.

Unit: Count

Maximum resolution: 5 minutes

Statistics: The most useful statistics are Maximum and Minimum.

Dimensions

• OutpostId

• Account, OutpostId• InstanceType, OutpostId• Account, InstanceType, OutpostId

InstanceFamilyCapacityAvailabilityThe percentage of instance capacity available.

Unit: Percent

Maximum resolution: 1 minute

Statistics: The most useful statistics are Average and pNN.NN(percentiles).

Dimensions

• InstanceFamily, OutpostId

InstanceFamilyCapacityUtilizationThe percentage of instance capacity in use.

Unit: Percent

Maximum resolution: 1 minute

Statistics: The most useful statistics are Average and pNN.NN(percentiles).

Dimensions

• InstanceFamily, OutpostId• Account, InstanceFamily, OutpostId

InstanceTypeCapacityAvailabilityThe percentage of instance capacity available.

Unit: Percent

Maximum resolution: 1 minute

Statistics: The most useful statistics are Average and pNN.NN(percentiles).

Dimensions

• InstanceType, OutpostId

InstanceTypeCapacityUtilizationThe percentage of instance capacity in use.

23

Page 28: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideOutpost Metric Dimensions

Metric Description

Unit: Percent

Maximum resolution: 1 minute

Statistics: The most useful statistics are Average and pNN.NN(percentiles).

Dimensions

• InstanceType, OutpostId• Account, InstanceType, OutpostId

Outpost Metric DimensionsTo filter the metrics for your Outpost, use the following dimensions.

Dimension Description

Account The ID of the AWS account.

InstanceFamily The instance family.

InstanceType The instance type.

OutpostId The ID of the Outpost.

View CloudWatch Metrics for Your OutpostYou can view the CloudWatch metrics for your load balancers using the CloudWatch console.

To view metrics using the CloudWatch console

1. Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.2. In the navigation pane, choose Metrics.3. Select the Outposts namespace.4. (Optional) To view a metric across all dimensions, enter its name in the search field.

To view metrics using the AWS CLI

Use the following list-metrics command to list the available metrics.

aws cloudwatch list-metrics --namespace AWS/Outposts

To get the statistics for a metric using the AWS CLI

Use the following get-metric-statistics command to get statistics for the specified metric and dimension.CloudWatch treats each unique combination of dimensions as a separate metric. You can't retrievestatistics using combinations of dimensions that were not specially published. You must specify the samedimensions that were used when the metrics were created.

aws cloudwatch get-metric-statistics --namespace AWS/Outposts \

24

https://console.aws.amazon.com/cloudwatch/
https://docs.aws.amazon.com/cli/latest/reference/cloudwatch/list-metrics.html
https://docs.aws.amazon.com/cli/latest/reference/cloudwatch/get-metric-statistics.html
Page 29: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideView CloudWatch Metrics for Your Outpost

--metric-name InstanceTypeCapacityUtilization --statistics Average --period 3600 \--dimensions Name=OutpostId,Value=op-01234567890abcdef \Name=InstanceType,Value=c5.xlarge \--start-time 2019-12-01T00:00:00Z --end-time 2019-12-08T00:00:00Z

25

Page 30: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User GuideHardware Maintenance

Outpost MaintenanceUnder the shared responsibility model, AWS is responsible for the hardware and software that run AWSservices. This applies to AWS Outposts, just as it does to an AWS Region. For example, AWS managessecurity patches, updates firmware, and maintains the Outpost equipment. AWS also monitors theperformance, health, and metrics for your Outpost and determines whether any maintenance is required.

Hardware MaintenanceIf AWS detects an irreparable issue with hardware hosting EC2 instances running on your Outpost, wewill send you instance retirement notices for the affected instances. With high availability mode, thebuilt-in redundant capacity is added to the pool of available capacity in the Outpost, making it availablefor instance launches. If you stop and start an affected instance, this migrates it to the available capacity,and the hypervisor scrubs (sets to zero) all data that was allocated to the instance from the hardware.If you do not stop and start an affected instance, AWS stops and starts it for you when it reaches itsscheduled retirement date. For more information, see Instance Retirement in the Amazon EC2 User Guide.

If hardware maintenance is required, AWS will contact you to confirm a date and time for the AWSinstallation team to visit your Outpost site. You can schedule a visit as soon as two business days fromthe time that you speak with the AWS team.

When the AWS installation team arrives on site, they will replace the unhealthy hosts, switches, or rackelements and bring the new capacity online. They will not perform any hardware diagnostics or repairson site. If they replace a host, they will remove and destroy the NIST-compliant physical security key,effectively shredding any data that might remain on the hardware. This ensures that no data leaves yoursite. If they replace an Outpost networking device, information about your IP addresses might be presenton the device when it is removed from the site.

Firmware UpdatesUpdating the Outpost firmware does not typically affect the instances on your Outpost. In the rarecase that we need to reboot the Outpost equipment to install an update, you will receive an instanceretirement notice for any instances running on that capacity.

26

http://aws.amazon.com/compliance/shared-responsibility-model/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-retirement.html
Page 31: AWS Outposts - User Guide...Y oum i g h tencr lDNS sw R 53, d p a y between your Outpost and the AWS Region. In such cases, you can use the DNS servers installed locally in your on-premises

AWS Outposts User Guide

Document HistoryThe following table describes the releases for AWS Outposts.

update-history-change update-history-description update-history-date

Initial release (p. 27) This is the initial release of AWSOutposts.

December 3, 2019

27


Outposts Adult Expeditions

AWS Outposts - API Reference · 2020. 11. 23. · AWS Outposts is a fully-managed service that extends AWS infrastructure, APIs, and tools to customer premises. By providing local

Outposts and Advance Flank and Rear Guards 1915

Financial Comparison of On-premises Cloud-first Options ... · mission critical workloads on-premises: Oracle Exadata Cloud at Customer, Microsoft Azure Stack, AWS Outposts, Other

Warning: Azure Stack, AWS Outposts Aren???t Suitable for ......Warning: Azure Stack & AWS Outposts Aren’t Suitable for On-Prem Critical Cloud Workloads Introduction The value of

LifeMode Group: Rustic Outposts 10A Southern Satellites

22 Regions | 69 Availability Zones | 97 Direct Connect ... · AWS Elastic Beanstalk AWS Lambda AWS Batch VMware Cloud on AWS Outposts AWS Fargate AWS Management & Governance Storage

Loon Haunt Outposts – 2021 Highlights of our Abbreviated S

OFFERING OVERVIEW AWS Outposts Powers Next-Gen …

Amazon Virtual Private Cloud...Amazon Virtual Private Cloud Guía del usuario Ampliación de los recursos de VPC a las zonas locales de AWS 72 Subredes en AWS Outposts 72

Cloud at the Edge for Healthcare and Life Sciences · 2021. 1. 6. · 2 2 How AWS is Meeting Healthcare and Life Sciences Challenges Edge Services for HCLS Organizations AWS Outposts:

Summary of Sason Report Concerning Unauthorized Outposts in the Occupied Territories

Global Outposts Mou

Notes on Outposts

Loon Haunt Outposts 2017 Reflections on our Season Newsletter produced by Loon Haunt Outposts, Box 1344, Red Lake, Ontario, Canada, P0V 2M0 807-735-2400 Loon Haunt Outposts – 2017

Outposts leadership & prefect training for schools

EUROPEAN CORPORATE INNOVATION OUTPOSTS IN SILICON … · European Corporate Innovation Outposts in Silicon Valley: the Who’s Who 14 outposts (32% of the total, one out of three)

2010 Kashabowie Outposts Annual Newsletter

“Outposts of Britain” The General Post Office and the Birth of a … · 1 “Outposts of Britain” The General Post Office and the Birth of a Corporate Iconic Brand, 1930-1939

500 Demo Day Batch 18: Digital Outposts

David Ekvall - Outposts or, Tibetan Border Sketches

23,4)3(- 56(%-1 720...Healthcare data volume will experience a compound annual growth rate (CAGR) of more than a third by 20255 AWS Outposts is the ideal home for a variety of HCLS

Holt, Harper Pitt's Journey, Outposts, Oct 2013

Early Voyagers Early voyagers Missionaries Early voyagers Missionaries Colonial outposts

“SPIEGEL DATABASE” OF WEST BANK SETTLEMENTS AND OUTPOSTS · 2016. 5. 22. · outposts settlements considered legal under Israeli law are actually built on private Palestinian

REMEMBERING OUR PAST TO ENHANCE OUR FUTURE 2013 … · 2013. 6. 2. · 1. Attendance at all assemblies and council fires is required of all campers. Outposts are to be on time. Outposts

Outposts - Raising the Funds Handbook

Israel, Settlements, and Unauthorized Outposts · Israel, Settlements, and Unauthorized Outposts Daniel Kurtzer MEI Policy Focus 2016-24 Middle East Institute Policy Focus Series

UNESCO AIC Outposts and Price Tag Violence

Outposts Team Activities for schools

The Anatomy of LDNS Clusters: Findings and Implications for

Modernizing Your Enterprise with AWS Outposts · organizations are being forced to innovate faster. At the same time, the need to reduce costs is ever-present. ... Cloud and on-premises

Outposts - Bernalillo County...Outposts Sculpture Locations Alameda Drain Trail “Public Art has the power to inspire curiosity, encourage contemplation, facilitate dialogue, foster

BIG-IP® DNS: Concepts · About BIG-IP DNS probes of an LDNS.....33 Converting a statistics collection server to a Prober pool automatically.....34 About delegation of LDNS probes.....35

outposts in Southeast Asia. The United States relies on Japan...outposts in Southeast Asia. The United States relies on Japan’s efforts in Southeast Asia to maintain regional stability