Late last week, Amazon Web Services (AWS) announced the release of three features especially designed for enterprise customers. Enterprise customers now have access to greater security and identity management functionality in addition to an array of features that enhance the AWS Virtual Private Cloud offering. AWS grouped Thursday's features under three headings: Identity Federation, AWS Direct Connect and Virtual Private Cloud Everywhere.
AWS Identity and Access Management (IAM) features enable customers to grant users role-based access that limits their access to Amazon's APIs and related resources. IAM not only controls access to specific AWS resources, but can also specify constraints on the mode of access to AWS. For example, IAM permits conditions on access to AWS according to parameters such as the time of day, originating IP address or the use of SSL.
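The three kinds of condition named above correspond to the IAM global condition keys `aws:CurrentTime`, `aws:SourceIp` and `aws:SecureTransport`. The policy below is an added example, not part of the original announcement; the bucket name, CIDR range and timestamps are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowReadFromOfficeInWindow",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "DateGreaterThan": { "aws:CurrentTime": "2024-01-15T08:00:00Z" },
        "DateLessThan": { "aws:CurrentTime": "2024-01-15T18:00:00Z" },
        "IpAddress": { "aws:SourceIp": "203.0.113.0/24" }
      }
    },
    {
      "Sid": "ExampleDenyWithoutSSL",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    }
  ]
}
```

Every condition operator in a statement must match for that statement to apply, and an explicit `Deny` overrides any `Allow`. `aws:CurrentTime` compares absolute timestamps, so the window here is a fixed date range rather than a recurring daily schedule.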
Identity Federation enhances IAM by allowing users to access AWS resources without requiring an individual IAM user identity. Organizations can now grant temporary access to guest users by way of access keys or session tokens that expire after a designated period of time.
AWS Direct Connect
AWS Direct Connect enables customers to securely access their Amazon Web Services resources by connecting to an Equinix data center that connects to the Amazon Web Services EC2 infrastructure. The direct link through Equinix allows customers to bypass a regular internet connection to their AWS resources and enjoy more predictable data transfer speeds, increased bandwidth and reduced bandwidth costs. AWS expects three major use cases for AWS Direct Connect: (1) Data center replacement through migration of a data center to an AWS infrastructure; (2) High speed access to custom hosting facilities from an AWS console connected to those facilities via Equinix; and (3) High volume data transfers between a data center and Amazon Web Services.
Currently, AWS Direct Connect is available only through Equinix's Ashburn, VA data center for connection to Amazon's U.S.-East Northern Virginia data center. AWS Direct Connect locations are planned for San Jose, Los Angeles, London, Tokyo and Singapore.
Virtual Private Cloud Everywhere
The AWS Virtual Private Cloud (VPC) offering enables customers to provision a dedicated set of servers with complete control over the configuration of the virtual networking environment. The Virtual Private Cloud network has now graduated from Beta to General Availability mode. In addition, the VPC is available from more than one Availability Zone within a specific AWS Region.
Moreover, VPCs are now accessible from more than one VPN connection. Multiple VPN access to Virtual Private Clouds allows clients to create different "customer branches" or offices that access the Virtual Private Cloud through a customized set of VPN credentials.
Users can also create more than one VPC per region and view the status of each VPN access point through the AWS Management Console, command line and EC2 API. Additional features include elastic IP addresses for EC2 instances in a VPC, full control of a VPC's structure and a VPC wizard that facilitates set-up. Finally, VPC capability is now available in all five of Amazon Web Services' regions: U.S. East (Northern Virginia), U.S. West (Northern California), EU (Ireland), Asia Pacific (Singapore), and Asia Pacific (Tokyo).
The recent deployment collectively amounts to a release that "qualifies as massive" according to Jeff Barr of Amazon Web Services. Virtual Private Clouds appeal to enterprise customers for obvious security and regulatory reasons involving a desire not to commingle data with servers leveraged by other customers. Identity Federation gives enterprises greater control over user access privileges to AWS. AWS Direct Connect responds to customer feedback about a desire to access AWS through means other than the public internet. Meanwhile, the enhancements to the Virtual Private Cloud enable greater redundancy and failover planning in addition to superior flexibility vis-à-vis VPC management and configuration.