Cloud.gov Infrastructure

Overview

Cloud.gov operates on AWS GovCloud (US) within the us-gov-west-1 region, providing a FedRAMP High-authorized infrastructure foundation. This enables agencies to deploy applications meeting strict compliance requirements including ITAR, CUI, and other sensitive workloads. The platform abstracts AWS complexity while providing access to native AWS services through our managed service broker.

Prerequisites

  • Understanding of Infrastructure-as-a-Service (IaaS) vs Platform-as-a-Service (PaaS) concepts
  • Familiarity with AWS GovCloud capabilities
  • Organization Manager role for service provisioning
  • Knowledge of Open Service Broker API standards

Process / Steps

1. Understand the Infrastructure Stack

2. Access Brokered AWS Services

Available FedRAMP-authorized services:

  • RDS: PostgreSQL, MySQL, Oracle
  • S3: Object storage with encryption
  • ElastiCache: Redis for caching
  • Elasticsearch: Search and analytics

Provision via CLI:

# List available services
cf marketplace

# Create service instance
cf create-service aws-rds medium-mysql my-database

# Bind to application
cf bind-service my-app my-database

3. Understand Compliance Inheritance

From AWS GovCloud:

  • Physical security controls
  • Infrastructure redundancy
  • FIPS 140-2 validated encryption
  • FedRAMP High authorization

From Cloud.gov:

  • Platform security controls
  • Automated patching
  • Configuration management
  • Continuous monitoring

4. Regional Resilience & Roadmap

Current posture (us-gov-west-1): Cloud.gov is deployed in multiple Availability Zones within the AWS GovCloud West region, delivering high availability and in-region disaster recovery with no single-AZ dependency.

Future posture (multi‑region): We plan to enable cross‑region failover between GovCloud West and GovCloud East. This capability will activate once customer demand and compliance drivers justify the added complexity and cost.

For a concise primer on how AWS carves up its cloud, including the fault‑isolation benefits of Regions vs. Availability Zones, see the official AWS Global Infrastructure page: Understanding AWS Regions and Availability Zones

5. Extend the Marketplace

Customer Responsibility: Add custom services using Open Service Broker API:

  1. Implement broker endpoints
  2. Register with Cloud.gov
  3. Make available to your organization
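
The broker endpoints from step 1, as an added Python example (not Cloud.gov's code or a broker it ships): request handling for the Open Service Broker API catalog, provision and bind calls, with the platform's Basic credentials and the X-Broker-API-Version header checked before any state changes. The service and plan ids, the credentials and the `handle` function are constructed for illustration; deprovision and unbind are out of scope here.

```python
import base64, hmac, re, secrets

# Constructed placeholders; a real broker reads its credentials from the environment.
BROKER_USER, BROKER_PASS = "broker-admin", "example-only-password"
CATALOG = {"services": [{
    "id": "svc-0001", "name": "example-queue", "bindable": True,
    "description": "Constructed sample service",
    "plans": [{"id": "plan-0001", "name": "small", "description": "Constructed plan"}],
}]}
PLANS = {(s["id"], p["id"]) for s in CATALOG["services"] for p in s["plans"]}
INSTANCES, BINDINGS = {}, {}  # in-memory state, for illustration only
ROUTE = re.compile(r"^/v2/service_instances/([\w-]+)(?:/service_bindings/([\w-]+))?$")

def authorized(headers):
    """Check the platform's HTTP Basic credentials in constant time."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        given = base64.b64decode(blob, validate=True)
    except ValueError:  # malformed base64
        return False
    expected = f"{BROKER_USER}:{BROKER_PASS}".encode()
    return scheme == "Basic" and hmac.compare_digest(given, expected)

def handle(method, path, headers, body=None):
    """Return (status, json_body) for one Open Service Broker API request."""
    if not authorized(headers):
        return 401, {"description": "authentication required"}
    if not headers.get("X-Broker-API-Version", "").startswith("2."):
        return 412, {"description": "X-Broker-API-Version 2.x is required"}
    if (method, path) == ("GET", "/v2/catalog"):
        return 200, CATALOG
    match = ROUTE.match(path)
    if not match or method != "PUT":
        return 404, {}
    instance_id, binding_id = match.groups()
    if binding_id is None:  # provision
        wanted = ((body or {}).get("service_id"), (body or {}).get("plan_id"))
        if wanted not in PLANS:
            return 400, {"description": "unknown service_id or plan_id"}
        if instance_id in INSTANCES:  # a repeat is accepted only if identical
            return (200, {}) if INSTANCES[instance_id] == wanted else (409, {})
        INSTANCES[instance_id] = wanted
        return 201, {}
    if instance_id not in INSTANCES:  # bind needs an existing instance
        return 400, {"description": "no such service instance"}
    status = 200 if binding_id in BINDINGS else 201
    # Each binding gets its own secret, so one app's access can be revoked alone.
    creds = BINDINGS.setdefault(binding_id, {"token": secrets.token_urlsafe(32)})
    return status, {"credentials": creds}
```

`handle` is transport-independent: call it from whatever HTTPS server fronts the broker, passing the request headers and the parsed JSON body.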

Common Errors & Fixes

Service Provisioning Failures

  • Issue: "Service broker error" messages
  • Fix: Verify that the service is available in your region and that you are within your quota limits

Direct AWS Access Attempts

  • Issue: Trying to access AWS console directly
  • Fix: Use Cloud.gov CLI/API for all infrastructure operations

ITAR Workload Concerns

  • Issue: Uncertainty about ITAR compliance
  • Fix: AWS GovCloud supports ITAR; document this in your System Security Plan (SSP)

FAQs

Q: Can we use AWS services not in the marketplace?
A: Create user-provided services for external AWS resources, or implement a custom service broker.

Q: Why can't we access the AWS console?
A: Cloud.gov provides abstraction and standardization. Direct AWS access would bypass platform security controls.

Q: Could Cloud.gov run on other clouds?
A: Yes. Cloud Foundry supports Azure, GCP, and OpenStack. Contact us about multi-cloud requirements.

Q: How do we request new AWS services?
A: Email support@cloud.gov with your use case. We prioritize based on demand and security review.

An official website of the U.S. General Services Administration